[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: SSL, certs, and conserver (fix included)

Chris Ross cross+conserver@distal.com
Wed, 19 Oct 2005 11:57:56 -0700 (PDT)

Bryan Stansell wrote:
well, i'm seriously lacking on ideas.  can you show me a 'conserver -V',
so i know how it was compiled, etc?  and can you make sure that you're
using one version of conserver (not picking up the wrong binary because
of multiple installs or a $PATH issue or something)?  and perhaps the
conserver.cf (with whatever you want made generic).  or, better yet, if
you point conserver to the test/test1.cf config file and try things with
that, does it produce the same issue?

Okay. I did the latter. The conserver -V produces:

conserver: conserver.com version 8.1.12
conserver: default access type `r'
conserver: default escape sequence `^Ec'
conserver: default configuration in `/etc/conserver/conserver.cf'
conserver: default password in `/etc/conserver/conserver.passwd'
conserver: default logfile is `/var/log/conserver'
conserver: default pidfile is `/var/run/conserver.pid'
conserver: default limit is 16 members per group
conserver: default primary port referenced as `782'
conserver: default secondary base port referenced as `0'
conserver: options: libwrap, openssl, pam
conserver: openssl version: OpenSSL 0.9.7d 17 Mar 2004
conserver: built with `./configure --sysconfdir=/etc/conserver --prefix=/usr/local --with-openssl=/usr/sfw --with-pam --with-libwrap --with-port=782 --with-master=sesirm-console'

  But, despite the --with-openssl, I whacked the makefile
so that it built with a libssl.a and libcrypto.a that I
built.  ldd confirms it doesn't link with the Solaris
libssl.so and libcrypto.so (solaris doesn't ship .a
versions of those libs).

When I run it with test/test1.cf, it says:

# /usr/local/sbin/conserver -C /tmp/conserver-8.1.12/test/test1.cf
[Wed Oct 19 14:48:46 2005] conserver (6010): conserver.com version 8.1.12
[Wed Oct 19 14:48:46 2005] conserver (6010): started as `root' by `cross'
[Wed Oct 19 14:50:19 2005] conserver (6010): ERROR: FileSSLAccept(): SSL error on fd 5
^C[Wed Oct 19 14:51:03 2005] conserver (6010): terminated

That ERROR line was produced when I ran the client, as follows:

% /usr/local/bin/console -x
sesirm-console: access from your host refused
% /usr/local/bin/console -M -x
console: SSL negotiation failed

  Obviously, only the second one succeeded, and produced
the error listed above.

  I don't know if this helps at all, or not.  If
you can suggest to me where in the code I should
start debugging, I can do that.  I'm pretty good
at code, but could use a pointer as to where to
start sticking in the debugging printf's.  :-)

- Chris