[prev in list] [next in list] [prev in thread] [next in thread]
List: pureftpd-list
Subject: Re: [pure-ftpd] confusing TLS certificate file missing error
From: Alexander Rusa <alexander.rusa () emerion ! com>
Date: 2011-09-10 17:25:02
Message-ID: B614F374-5356-47C5-A11E-03A931031A93 () emerion ! com
[Download RAW message or body]
Hi!
Thank you for your answer!
I found out what the problem was!
I had to combine the private key and the certificate in one file.
Regards,
Alex
Am 10.09.2011 um 07:36 schrieb Zdenek Styblik:
> On 09/09/11 18:23, Alexander Rusa wrote:
> > Hi!
> >
> > My pure-ftpd won't start up with TLS enabled because of this error:
> > 421 Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
> >
> > But this file exists. I searched in the pure-ftpd-source and found out, that in \
> > tls.c:226 pure-ftpd tries to actually use this certificate file. The OpenSSL \
> > documentation says "On success, the functions return 1. Otherwise check out the \
> > error stack to find out the reason." -> \
> > http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html But pure-ftpd \
> > doesn't do that. Instead it tells, that the certificate file is missing - which \
> > is not always correct.
> > ###
> > if (SSL_CTX_use_certificate_chain_file(tls_ctx,
> > TLS_CERTIFICATE_FILE) != 1) {
> > die(421, LOG_ERR,
> > MSG_FILE_DOESNT_EXIST ": [%s]", TLS_CERTIFICATE_FILE);
> > }
> > ###
> >
> > So in my case there must be some other problem with the file, but I don't get the \
> > error message.
> > Could somebody tell me how I can patch this to get a correct error-message?
> >
> > thanks
> >
> > Alex
>
> Hi,
>
> perhaps there is a problem with ACLs:
>
> ~~~ SNIP ~~~
> ls -la /etc/ssl/private/pure-ftpd.pem
> -r-------- 1 root root 2278 2009-06-05 23:56 /etc/ssl/private/pure-ftpd.pem
> ~~~ SNIP ~~~
>
> ???
>
> Regards,
> Z.
>
> --
> Zdenek Styblik
> email: stybla@turnovfree.net
> jabber: stybla@jabber.turnovfree.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic