[Serusers] TLS configuration problem (was TLS comments)
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Feb 6 19:08:22 CET 2006
Jan Janak wrote:
> Hi Klaus,
>
> Klaus Darilion wrote:
>
>>Hi all!
>>
>>I wonder if this TLS module is even working. First, I had to patch ser
>>to allow settings for the default client TLS domain, but still I can't
>>connect. Not even ser<-->ser works.
>
>
> Yes, it works. Configuration of the client part was not done yet (see my
> email on serdev, it was mentioned there), I fixed that already and will
> commit it shortly. But this is not a problem as long as you only use
> the default client domain, because in that case you can just put the
> certificate in the default path and it will work.

Hi Jan!

The more I review the code the more I come to the conclusion that the
TLS code you are using is different to the TLS code released.

E.g. the default settings in config.h are wrong:
#define TLS_PKEY_FILE CFG_DIR "cert.pem"
#define TLS_CERT_FILE CFG_DIR "cert.pem"
^^^^^^^^
You said it should work fine as long as I use the default client domain.
But in the default client domain the keys are set to 0:
/* Default client domain */
d->cert_file = 0;
d->pkey_file = 0;
d->verify_cert = 1;
d->verify_depth = 3;
d->ca_file = 0;
d->require_cert = 1;
d->method = TLS_USE_SSLv23;
tls_def_cli = d;
So, are we talking about the same TLS code?
regards
klaus