[bug-anubis] Permissions problem with openSSL


From: Jim Cheetham
Subject: [bug-anubis] Permissions problem with openSSL
Date: Tue, 09 Sep 2003 16:51:34 +1200

I'm setting up a TLS/SSL connection via Anubis ...

If the ssl-key/ssl-cert file is owned by root, mode 600, Anubis fails to
initialise TLS, due to an internal SSL permissions problem. I'm guessing
that we've shed privileges.

However, if the ssl-key file has wider permissions, like 644, Anubis
works a treat, except for a complaint about the file permissions.

Mode 600 failure :-
CLIENT <<< starttls(10)
> [3990] Using the TLS/SSL encryption...
SERVER >>> STARTTLS(10)
SERVER <<< 220 TLS go ahead(18)
> [3990] Initializing the TLS/SSL connection with MTA...
> [3990] TLSv1/SSLv3 connection using DES-CBC3-SHA (168 bits)
> [3990] Server public key is 1024 bits
> [3990] Certificate:
> [3990] Subject: /C=GB/ST=Internet/O=Ourshack/OU=Mail service/CN=smtp.ourshack.com
> [3990] Issuer:  /C=GB/ST=Internet/O=Ourshack/CN=Master CA/address@hidden
CLIENT >>> 220 2.0.0 Ready to start TLS(30)
>>error:0200100D:system library:fopen:Permission denied
>>[3990] SSL_CTX_use_certificate_file() failed.
> [3990] Initializing the TLS/SSL connection with MUA...
>>error:20074002:BIO routines:FILE_CTRL:system lib
>>[3990] Can't create a new SSL structure for a connection.
CLIENT >>> 454 4.3.3 TLS not available(29)
> [3990] Connection terminated.

Mode 644 success :-
CLIENT <<< starttls(10)
> [4069] Using the TLS/SSL encryption...
SERVER >>> STARTTLS(10)
SERVER <<< 220 TLS go ahead(18)
> [4069] Initializing the TLS/SSL connection with MTA...
> [4069] TLSv1/SSLv3 connection using DES-CBC3-SHA (168 bits)
> [4069] Server public key is 1024 bits
> [4069] Certificate:
> [4069] Subject: /C=GB/ST=Internet/O=Ourshack/OU=Mail service/CN=smtp.ourshack.com
> [4069] Issuer:  /C=GB/ST=Internet/O=Ourshack/CN=Master CA/address@hidden
>>[4069] Wrong permissions on /etc/ssl/certs/anubis.pem. Set 0600.
CLIENT >>> 220 2.0.0 Ready to start TLS(30)
> [4069] Initializing the TLS/SSL connection with MUA...

So, I guess either there is a third option I haven't thought of, or the
permissions warning is incorrect.

-- 
Jim Cheetham
Systems Administrator, eCOSM Limited.
Phone +64 3 365 4176 | Mobile +64 21 314 158
http://www.ecosm.com/
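
Added example, not part of the original message and not Anubis code: a small C check that classifies a key file the way the two logs above behave, assuming (as the poster guesses) that the daemon has already switched to an unprivileged uid when it opens the file. The function names and the uid/gid values used with it are hypothetical; supplementary groups are ignored.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

enum key_status { KEY_OK, KEY_UNREADABLE, KEY_TOO_OPEN, KEY_STAT_FAILED };

/* Decide whether a process running as run_uid/run_gid can read the key,
   and whether anyone outside the owner class has any access to it. */
enum key_status classify_key(uid_t owner, gid_t group, mode_t mode,
                             uid_t run_uid, gid_t run_gid)
{
    int readable;

    if (run_uid == 0)
        readable = 1;                        /* root bypasses mode bits */
    else if (owner == run_uid)
        readable = (mode & S_IRUSR) != 0;    /* owner class decides alone */
    else if (group == run_gid)
        readable = (mode & S_IRGRP) != 0;
    else
        readable = (mode & S_IROTH) != 0;

    if (!readable)
        return KEY_UNREADABLE;               /* fopen: Permission denied */
    if (mode & (S_IRWXG | S_IRWXO))
        return KEY_TOO_OPEN;                 /* works, but not 0600 */
    return KEY_OK;                           /* 0600 and owned by run_uid */
}

/* Same decision for a file on disk. */
enum key_status check_key_file(const char *path, uid_t run_uid, gid_t run_gid)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return KEY_STAT_FAILED;
    return classify_key(st.st_uid, st.st_gid, st.st_mode, run_uid, run_gid);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "unreadable as this user",
                                   "readable but open to group/other",
                                   "stat failed" };
    if (argc < 2) { fprintf(stderr, "usage: %s keyfile\n", argv[0]); return 2; }
    enum key_status s = check_key_file(argv[1], getuid(), getgid());
    printf("%s: %s\n", argv[1], names[s]);
    return s == KEY_OK ? 0 : 1;
}
```

Run as the account the daemon ends up as, it reports "ok" only when the file is both mode 0600 and readable by that account.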




