Current-Users archive


Re: httpd ssl failures




On 2019-12-15 20:09, Edgar Pettijohn wrote:

On 2019-12-15 18:18, Edgar Pettijohn wrote:
laptop$ uname -a
NetBSD laptop.my.domain 9.99.24 NetBSD 9.99.24 (GENERIC_KASLR) #0: Sat Dec 14 21:37:06 CST 2019 root%laptop.my@localhost.domain:/usr/obj/sys/arch/amd64/compile/GENERIC_KASLR amd64

Testing ssl with httpd run from inetd I get the following in the xferlog:

laptop$ sudo tail -n 20 /var/log/xferlog
Dec 15 18:07:07 laptop httpd[2847]: accept: SSL_ERROR 1
Dec 15 18:07:07 laptop httpd[2847]: SSL Error: SSL routines:ssl3_read_bytes:sslv3 alert bad certificate

Certificate/key created like so:

openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem

I also tried the following with the same results:

openssl genrsa -out mycert.key 4096

openssl req -new -x509 -key mycert.key -out mycert.crt -days 365

The inetd.conf isn't anything special; I just added the following:

https stream tcp nowait:600 _httpd /usr/libexec/httpd httpd -Z /path/to/cert /path/to/key -X /var/www

When attempting to access the service with Firefox, it causes Firefox to exit.

Is this a problem with my setup?


Thanks,

Edgar


Think it may be an httpd issue. Used the cert/key with postfix and tested with openssl s_client and didn't see any issues.


Edgar

laptop$ sudo openssl req -newkey rsa:4096 -nodes -sha512 -x509 -days 365 -nodes -out /etc/openssl/certs/test.pem -keyout /etc/openssl/private/test.pem

This key/cert ends with:

laptop$ sudo /usr/libexec/httpd -df -Z /etc/openssl/certs/test.pem /etc/openssl/private/test.pem /var/www
accept: SSL_ERROR 2
SSL Error: (null):(null):(null)
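
Added example, not part of the original post: a way to rule out the certificate/key pair itself before suspecting httpd, by comparing the public key in the certificate with the one derived from the private key and checking the validity window. The file names, the -subj value and the function names are assumptions made for this example; the generated pairs are constructed test data.

```shell
#!/bin/sh
# Constructed example: verify that a PEM certificate and private key belong
# together, independent of the TLS server that will load them.

# Exit 0 if the cert's public key equals the key's public key,
# 1 on mismatch, 2 if either file cannot be parsed by openssl.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 if the certificate has not expired yet.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Self-signed pair made the same way as in the post; -subj is added here
# only so that the command runs without prompting.
make_pair() {  # $1 = certificate output, $2 = key output
    openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 \
        -subj "/CN=localhost" -keyout "$2" -out "$1" 2>/dev/null
}

# Constructed sample input: two unrelated pairs in a scratch directory.
tmp=$(mktemp -d)
make_pair "$tmp/a.crt" "$tmp/a.key"
make_pair "$tmp/b.crt" "$tmp/b.key"

pair_matches "$tmp/a.crt" "$tmp/a.key" && echo "a.crt + a.key: match"
pair_matches "$tmp/a.crt" "$tmp/b.key" || echo "a.crt + b.key: mismatch"
cert_is_current "$tmp/a.crt" && echo "a.crt: within validity period"
```

If the pair matches and the certificate is current, the files are consistent and the failure lies elsewhere (server, client trust decision, or file permissions for the user the server runs as).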



