> I am trying to enable SSL support for gluster (i have read this post: > http://nongnu.13855.n7.nabble.com/Glusterfs-SSL-capability-td168156.html > too, and get through sources) but i am lost with the settings. I have > enabled both options on the volume: > > volume set gv0 client.ssl on > volume set gv0 server.ssl on > > also i have put all the certs in /etc/ssl/ (i have generated my own CA + > client certificates for both servers mx1 and mx2) - all seems correct but i > still getting: > > [2014-01-23 14:23:46.332041] E [socket.c:2258:socket_poller] 0-gv0-client-1: > client setup failed > [2014-01-23 14:23:46.732281] E [socket.c:304:ssl_setup_connection] > 0-gv0-client-0: SSL connect error > [2014-01-23 14:23:46.732319] E [socket.c:174:ssl_dump_error_stack] > 0-gv0-client-0: error:14090086:SSL > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > > i really tried all possible cert configurations and i think i am hitting wall > here. Any tips?
Are you sure that you have all three files - cert, key, CA - installed on both servers *and clients*? It's not clear from what you've described whether the client that's failing is one of the servers or a separate machine. In all cases, the servers' certs need to be in the clients' CA file, and vice versa. You could also try looking at tests/bugs/bug-873367.t in any GlusterFS source tree, which might shed some light on how these files are generated in testing. _______________________________________________ Gluster-devel mailing list Gluster-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/gluster-devel
