Quoth Garry <[email protected]>:
> Hello, I'm trying to set up ftpd to use TLS, but cannot get it to work.

Hi,

> openssl s_client -connect temeraire:21 -starttls ftp -servername temeraire
> CONNECTED(00000004)
> 100000000A000000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert
> handshake failure:ssl/record/rec_layer_s3.c:1605:SSL alert number 40
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 55 bytes and written 325 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)

This is a symptom of tlsServer() not being able to find the key in factotum.
Some further diagnosis on my end shows that the way you have generated the tls key is at fault, it seems like keys missing the 'owner=*' attribute in factotum will not be read.
See the example in rsa(8):

> auth/rsagen -t 'service=tls role=client owner=*' >key
> auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key | auth/pemencode CERTIFICATE
> >cert

If you correct your rsagen invocation to the following, you should be able to get this working.

> auth/rsagen -t 'service=tls role=client owner=*' > key

In the future, please direct 9front specific questions to the 9front mailing list.
I am not subscribed to 9fans and this is true for many of those that may be able to assist you.

- mia
