Your message dated Sat, 30 May 2009 13:20:07 +0200
with message-id <[email protected]>
and subject line Re: Bug#529413: mumble-server: Own proper SSL certificate not
taken in account
has caused the Debian Bug report #529413,
regarding mumble-server: Own proper SSL certificate not taken in account
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
529413: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529413
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mumble-server
Version: 1.1.4-4+lenny1
Severity: normal
I set up a authority signed SSL certificate for use with mumble-server,
and configured the ini configuration file this way :
# If you have a proper SSL certificate, you can provide the filenames here.
sslCert=/var/lib/mumble-server/speak.xxx.net.cert.pem
sslKey=/var/lib/mumble-server/speak.xxx.net.key.pem
When I launch the server with strace, it reports that it reads the files :
--------------------
open("/var/lib/mumble-server/speak.xxx.net.cert.pem",
O_RDONLY|O_LARGEFILE) = 11
fcntl64(11, F_SETFD, FD_CLOEXEC) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.cert.pem",
{st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.cert.pem",
{st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.cert.pem",
{st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
fstat64(11, {st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb77b1000
read(11, "Certificate:\n Data:\n Ve"..., 4096) = 4096
read(11, ":db:96:f0:44:08:7e:2b:d3:\n "..., 4096) = 2652
read(11, ""..., 4096) = 0
close(11) = 0
munmap(0xb77b1000, 4096) = 0
open("/var/lib/mumble-server/speak.xxx.net.key.pem",
O_RDONLY|O_LARGEFILE) = 11
fcntl64(11, F_SETFD, FD_CLOEXEC) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.key.pem",
{st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.key.pem",
{st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.key.pem",
{st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
fstat64(11, {st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb77b1000
read(11, "-----BEGIN RSA PRIVATE KEY-----\nM"..., 4096) = 3243
read(11, ""..., 4096) = 0
close(11) = 0
------------------
But when I connect to the server with debian lenny's client, the
certificate the server presents is still a self signed one
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: 2.6.28.4-xxxx-std-ipv6-32 (SMP)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Per-server configuration always overrides the fallback configuration.
The fallback is the .ini file, and the server-specific is stored in the
database.
When the selfsigned certificate is generated (which happens only if
there is no fallback), that is a server-specifc one, so it goes in the
database. So the .ini cert you filled in later would only be used for
new virtual servers.
Normally, per-server config can only be set over dbus or Ice, but since
this is a somewhat common problem, you can pass '-wipessl' to murmurd
and it will remove all certs in the database.
Since you are (hopefully) using the system-wide installation, you'll
need to use something like
su mumble-server -s /bin/sh -c "/usr/sbin/murmurd -ini
/etc/mumble-server.ini -wipessl"
--- End Message ---
