[CalendarServer-users] Exception thrown when using chained certificates

Nikola Knežević Sun, 31 Mar 2013 15:40:14 -0700

Hi,

I finally managed to get Calendar Server (version 4.2) to run on my Mac 
(10.7.5). It runs without problems if I use a self-signed certificate. However, 
I wanted to go a step further, and introduce my root and intermediate 
certificates in the process. However, the server fails with the output listed 
at the end of this message.


This is the relevant part of caldavd.plist:
   <!--
       SSL/TLS
     -->
   <!-- Public key -->
   <key>SSLCertificate</key>
   <string>/usr/local/caldavd/etc/caldav-server.crt</string>

   <!-- SSL authority chain (for intermediate certs) -->
   <key>SSLAuthorityChain</key>
   <string>/usr/local/caldavd/etc/chain.crt</string>

   <!-- Private key -->
   <key>SSLPrivateKey</key>
   <string>/usr/local/caldavd/etc/caldav-server.key</string>

I created these, using roughly these steps:


openssl genrsa -des3 -passout pass:stdin -out root-ca.key 4096
openssl req -new -key root-ca.key -out root-ca.csr 
openssl x509 -req -days 4384 -in root-ca.csr -signkey root-ca.key \
        -extfile GenerateCertificate.cfg -extensions v3_ca -out root-ca.crt
openssl pkcs12 -export -in root-ca.crt -inkey root-ca.key -out root-ca.p12
openssl pkcs12 -in root-ca.p12  -out root-ca.pem -nodes 

intermediate:
openssl genrsa -des3 -out intermediate-ca.key 2048
openssl req -new -key  intermediate-ca.key -out  intermediate-ca.csr 
openssl x509 -req -days 4384 -in intermediate-ca.csr \
        -CA root-ca.crt -CAkey root-ca.key \
        -set_serial 1 -extfile GenerateCertificate.cfg -extensions v3_ca -out 
intermediate-ca.crt
openssl pkcs12 -export -in intermediate-ca.crt -inkey intermediate-ca.key \
        -chain -CAfile root-ca.crt -out intermediate-ca.p12
openssl pkcs12 -in intermediate-ca.p12 -out intermediate-ca.pem -nodes

leaf certificates:
export name=caldav-server
openssl genrsa -des3 -out $name.key 2048
openssl req -new -key $name.key -out $name.csr
openssl x509 -req -days 1095 -in $name.csr -CA root/intermediate-ca.crt -CAkey 
root/intermediate-ca.key \
        -set_serial 1 -out $name.crt
openssl pkcs12 -export -in $name.crt -inkey $name.key -chain -CAfile 
root/intermediate-ca.pem -out $name.p12
openssl pkcs12 -in $name.p12     -out $name.pem -nodes

And then produces chain.crt by doing:
        cat caldav-server.crt intermediate-ca.crt root-ca.crt > chain.crt

I created a virtualenv for caldav server, where I'm running Twisted 12.3.0 
(same problem appears with 12.0.0). 

Any pointer toward resolving this issue would be most helpful :)

Thanks,
Nikola


This is the output I'm getting:
2013-03-31 20:02:24+0200 [-] [caldav-0]  [-] Unhandled Error
2013-03-31 20:02:24+0200 [-] [caldav-0]         Traceback (most recent call 
last):
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/python/log.py",
 line 73, in callWithContext
2013-03-31 20:02:24+0200 [-] [caldav-0]             return 
context.call({ILogContext: newCtx}, func, *args, **kw)
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/python/context.py",
 line 118, in callWithContext
2013-03-31 20:02:24+0200 [-] [caldav-0]             return 
self.currentContext().callWithContext(ctx, func, *args, **kw)
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/python/context.py",
 line 81, in callWithContext
2013-03-31 20:02:24+0200 [-] [caldav-0]             return func(*args,**kw)
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/internet/selectreactor.py",
 line 151, in _doReadOrWrite
2013-03-31 20:02:24+0200 [-] [caldav-0]             why = getattr(selectable, 
method)()
2013-03-31 20:02:24+0200 [-] [caldav-0]         --- <exception caught here> ---
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/twext/internet/sendfdport.py", 
line 295, in doRead
2013-03-31 20:02:24+0200 [-] [caldav-0]             description, protocol)
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/twext/web2/metafd.py", line 
103, in createTransport
2013-03-31 20:02:24+0200 [-] [caldav-0]             
transport.startTLS(self.contextFactory)
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/internet/_newtls.py",
 line 179, in startTLS
2013-03-31 20:02:24+0200 [-] [caldav-0]             startTLS(self, ctx, normal, 
FileDescriptor)
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/internet/_newtls.py",
 line 139, in startTLS
2013-03-31 20:02:24+0200 [-] [caldav-0]             tlsFactory = 
TLSMemoryBIOFactory(contextFactory, client, None)
2013-03-31 20:02:24+0200 [-] [caldav-0]           File 
"/usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/protocols/tls.py",
 line 602, in __init__
2013-03-31 20:02:24+0200 [-] [caldav-0]             contextFactory.getContext()
2013-03-31 20:02:24+0200 [-] [caldav-0]         exceptions.AttributeError: 
'NoneType' object has no attribute 'getContext'
_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/calendarserver-users

[CalendarServer-users] Exception thrown when using chained certificates

Reply via email to