Package: ircd-hybrid
Version: 1:8.2.0+dfsg.1-2.ssl1
Severity: normal
Tags: upstream patch
Dear Maintainer,
* What led up to the situation?
Configuring ircd-hybrid to use an SSL certificate that is issued by an
intermediate CA certificate. The intermediate certificate was appended
to the certificate pem file as works with many other servers.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Applied this patch and rebuilt the package. I have a similar patch for
the ircd-hybrid in stable.
diff --git a/src/conf_parser.c b/src/conf_parser.c
index 5f43e69..85d54c6 100644
--- a/src/conf_parser.c
+++ b/src/conf_parser.c
@@ -2983,10 +2983,10 @@ yyreduce:
break;
}
- if (SSL_CTX_use_certificate_file(ConfigServerInfo.server_ctx,
yylval.string,
- SSL_FILETYPE_PEM) <= 0 ||
- SSL_CTX_use_certificate_file(ConfigServerInfo.client_ctx,
yylval.string,
- SSL_FILETYPE_PEM) <= 0)
+ if (SSL_CTX_use_certificate_chain_file(ConfigServerInfo.server_ctx,
+ yylval.string) <= 0 ||
+ SSL_CTX_use_certificate_chain_file(ConfigServerInfo.client_ctx,
+ yylval.string) <= 0)
{
report_crypto_errors();
conf_error_report("Could not open/read certificate file");
* What was the outcome of this action?
The intermediate certificate was sent to the client.
* What outcome did you expect instead?
-- System Information:
Debian Release: jessie/sid
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages ircd-hybrid depends on:
ii debconf [debconf-2.0] 1.5.53
ii libc6 2.19-13
ii libgeoip1 1.6.2-1
ii libltdl7 2.4.2-1.11
ii libssl1.0.0 1.0.1j-1
ii openssl 1.0.1j-1
Versions of packages ircd-hybrid recommends:
pn whois <none>
Versions of packages ircd-hybrid suggests:
pn hybserv <none>
-- Configuration Files:
/etc/ircd-hybrid/cert.cnf [Errno 13] Permission denied:
u'/etc/ircd-hybrid/cert.cnf'
/etc/ircd-hybrid/cresv.conf [Errno 13] Permission denied:
u'/etc/ircd-hybrid/cresv.conf'
/etc/ircd-hybrid/dline.conf [Errno 13] Permission denied:
u'/etc/ircd-hybrid/dline.conf'
/etc/ircd-hybrid/ircd.conf [Errno 13] Permission denied:
u'/etc/ircd-hybrid/ircd.conf'
/etc/ircd-hybrid/ircd.motd [Errno 13] Permission denied:
u'/etc/ircd-hybrid/ircd.motd'
/etc/ircd-hybrid/kline.conf [Errno 13] Permission denied:
u'/etc/ircd-hybrid/kline.conf'
/etc/ircd-hybrid/nresv.conf [Errno 13] Permission denied:
u'/etc/ircd-hybrid/nresv.conf'
/etc/ircd-hybrid/xline.conf [Errno 13] Permission denied:
u'/etc/ircd-hybrid/xline.conf'
-- debconf information:
* ircd-hybrid/upgrade_no_services_warn: true
ircd-hybrid/upgrade_to_nossl_warn: true
ircd-hybrid/upgrade_secure_links_warn: true
ircd-hybrid/restart_on_upgrade: true
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
