Date:      Fri, 30 Mar 2012 18:38:37 +0200
From:      "O. Hartmann" <ohartman@mail.zedat.fu-berlin.de>
To:        Current FreeBSD <freebsd-current@freebsd.org>
Subject:   Re: SSL: wrong/broken in FreeBSD 10.0-CURRENT?
Message-ID:  <4F75E18D.8020304@mail.zedat.fu-berlin.de>
In-Reply-To: <4F75BA0F.4080602@mail.zedat.fu-berlin.de>
References:  <4F75BA0F.4080602@mail.zedat.fu-berlin.de>

On 03/30/12 15:50, O. Hartmann wrote:
> Sorry for the naive headline.
>
> I run into massive problems on all of my FreeBSD 10.0-CURRENT driven
> boxes. PostgreSQL rejects accessing OpenLDAP via SSL and all clients
> accessing the database and authenticating users via a SSL/TLS secured
> connection to OpenLDAP refuse working. This includes some very important
> facilities like textproc/refdb, databases/pgadmin3, www/mediawiki.
>
> More scaring, I tried to generate new SSL certificates for our small
> network. We have used small scripts for that task since FreeBSD 8.0.
> Creating a new CA certificate works fine, creating new certificate for
> clients including based on the new CA.
>
> Well, what worked half a year before doesn't anymore and I have no clue
> what goes wrong.
>
> I created a set of new CA, key and host certificate (self signed, of
> course) for OpenLDAP.
> Using the CA and key/cert from backup - created with the same conf and
> scripts on FBSD 8/9 I use now on FBSD 10, goes "smooth", but fails
> starting the OpenLDAP server.
> The log output of the server is as follows:
>
>   TLS: could not use key file `/usr/local/etc/openldap/certs/server.key'.
> TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
> /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/x509_cmp.c:406
> main: TLS init def ctx failed: -1
> slapd stopped.
> connections_destroy: nothing to destroy.
> /usr/local/etc/rc.d/slapd: WARNING: failed to start slapd
>
>
> As far as I can dig from the web this error code "TLS: error:0B080074:x509
> certificate..." is due to mismatching CN names. But why out of the sudden
> should that be wrong?
>
> Did something significantly change in FreeBSD 10.0-CURRENT these days?
>
> Regards,
> Oliver


Sorry for the noise!

I realized, by a hint of a list member, that many of my ports, although I
thought I had rebuilt all of them, lack several libraries libkrbXXX
I deleted by intention on FreeBSD 10.

After checking for those ports and recompiling them, everything runs
smoothly as expected now!

Regards,
Oliver

