[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: SSL, certs, and conserver (fix included)

Chris Ross cross+conserver@distal.com
Thu, 29 Jun 2006 10:17:39 -0700 (PDT)

On Oct 19, 2005, at 6:20 PM, Bryan Stansell wrote:
   So, I have a workaround now, but would like to
know if you knew that it required something above
0.9.7d?  Thanks...

i didn't know (or expect) a requirement of using something newer than 0.9.7d. the code used to work with 0.9.6, etc. something could very well have changed such that it's not backward compatible any more - in some way.

surprisingly, i have openssl-0.9.7d (as well as a handful of other
versions on my box).  here's two (0.9.7d and 0.9.7c):

So, time flies by, jobs change, and now I'm at a totally different place
finding the same problem. It's still a sparc Solaris 10 machine, in this
case Solaris 10 Update 1 (I think. We have update 2 boxes around, as
well, but this is an Update 1 box).

  I have the aforementioned problem that when running with a
compilation against the Solaris 0.9.7d OpenSSL, I get:

[Thu Jun 29 12:51:37 2006] conserver (5930): ERROR: FileSSLAccept(): SSL error on fd 5

as output from conserver -v, and I get:

$ console -x
console: SSL negotiation failed
5932:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable:../../../../common/openssl/ssl/t1_enc.c:449:

from the client command as shown.

:-/ I found the old conversation on the web (and later in my mailbox. ;-)
and now know that with a fair amount of effort, I can work around this
problem, but it seems like we should try to figure out why this fails
on Solaris.

  If you think you might have some time to help me with it s'more, I
can probably even make a solaris box available to you, given a
little bit of time.

  Let me know if you have any other suggestions of things to try.
conserver -V output is attached, in case it's useful...

$ /usr/local/sbin/conserver -V
conserver: conserver.com version 8.1.14
conserver: default access type `r'
conserver: default escape sequence `^Ec'
conserver: default configuration in `/etc/conserver/conserver.cf'
conserver: default password in `/etc/conserver/conserver.passwd'
conserver: default logfile is `/var/log/conserver'
conserver: default pidfile is `/var/run/conserver.pid'
conserver: default limit is 16 members per group
conserver: default primary port referenced as `conserver'
conserver: default secondary base port referenced as `0'
conserver: options: openssl, pam
conserver: openssl version: OpenSSL 0.9.7d 17 Mar 2004
conserver: built with `./configure --prefix=/usr/local --sysconfdir=/ etc/conserver --with-extmsgs --with-rpath --with-openssl --with-pam'