Quoting [email protected]:
> With a clean trunk checkout, compile and installation; and with the
> following config:
> upsmon.conf:
> CERTPATH /usr/local/ups/etc/cert/
> CERTVERIFY 1
> FORCESSL 1

First off, you're not supposed to use both CERTVERIFY and FORCESSL.
FORCESSL is intended to be used in cases you can't verify the validity
of a certificate, but still want to enforce the use of any presented.
See the 'docs/ssl.txt' from the nut-2.4.3 branch (this file didn't
make it into AsciiDoc).

> So, do I misunderstand CERTVERIFY directive? Or is there a bug?
> Can you reproduce such behaviour?

I'm not sure what is going on. Can you try running 'upsmon' with
debugging enabled? The following are the results of my tests here. In
all cases, the upsd server is running with a valid PositiveSSL
certificate (so the root CA that signed this certificate is trusted
without further configuration):
upsmon.conf (valid):
CERTPATH /etc/ssl/certs/
CERTVERIFY 1
#upsmon -DD
Network UPS Tools upsmon 2.6.0-pre1-2819
0.000000 UPS: mge-usb@localhost (master) (power value 1)
0.000457 Using power down flag file /etc/killpower
0.000962 debug level is '2'
0.003348 Trying to connect to UPS [mge-usb@localhost]
0.024697 Logged into UPS mge-usb@localhost
0.025804 pollups: mge-usb@localhost [SSL]
0.026283 parse_status: [OL CHRG]
-----------
upsmon.conf (demo CA, not the one that signed the server certificate):
CERTPATH /etc/ssl/certs/demo
CERTVERIFY 1
#upsmon -DD
Network UPS Tools upsmon 2.6.0-pre1-2819
0.000000 UPS: mge-usb@localhost (master) (power value 1)
0.000465 Using power down flag file /etc/killpower
0.001071 debug level is '2'
0.003841 Trying to connect to UPS [mge-usb@localhost]
0.016105 Can't set username on [mge-usb@localhost]: SSL error:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
5.016263 pollups: mge-usb@localhost
5.016345 Poll UPS [mge-usb@localhost] failed - Driver not connected
5.016368 do_notify: ntype 0x0005 (COMMBAD)
5.016402 Communications with UPS mge-usb@localhost lost
5.016771 Dropping connection to UPS [mge-usb@localhost]
-----------
upsmon.conf (empty directory):
CERTPATH /etc/ssl/certs/empty
CERTVERIFY 1
# upsmon -DD
Network UPS Tools upsmon 2.6.0-pre1-2819
0.000000 UPS: mge-usb@localhost (master) (power value 1)
0.000481 Using power down flag file /etc/killpower
0.000942 debug level is '2'
0.004245 Trying to connect to UPS [mge-usb@localhost]
0.016430 Can't set username on [mge-usb@localhost]: SSL error:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
5.016599 pollups: mge-usb@localhost
5.016682 Poll UPS [mge-usb@localhost] failed - Driver not connected
5.016705 do_notify: ntype 0x0005 (COMMBAD)
5.016724 Communications with UPS mge-usb@localhost lost
5.017086 Dropping connection to UPS [mge-usb@localhost]
-----------
So whatever I try, if a valid certificate is not found, upsmon doesn't
seem to connect.
Best regards, Arjen
--
Please keep list traffic on the list (off-list replies will be rejected)
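
Added example, not part of the original message or of NUT: a small Python parser that reads 'upsmon -DD' output like the runs above and reports, per UPS, whether the poll was tagged [SSL], whether certificate verification failed, and whether communication was lost. The function and variable names are hypothetical; the sample lines are taken from the trusted-CA and demo-CA runs in the message.

```python
import re

TS = re.compile(r"^\s*\d+\.\d+\s+")  # timestamp prefix upsmon -DD puts on each line
POLL = re.compile(r"pollups: (\S+)( \[SSL\])?$")
VERIFY = re.compile(r"Can't set username on \[([^\]]+)\]: SSL error:.*certificate verify failed")
LOST = re.compile(r"Communications with UPS (\S+) lost")

def classify(debug_output):
    """Per UPS: was the poll tagged [SSL], did verification fail, was the link lost."""
    records = []
    for line in debug_output.splitlines():
        if TS.match(line) or not records:
            records.append(TS.sub("", line).strip())
        elif line.strip():
            records[-1] += " " + line.strip()  # wrapped continuation of the previous line
    result = {}
    for rec in records:
        for key, rx in (("ssl", POLL), ("verify_failed", VERIFY), ("lost", LOST)):
            m = rx.match(rec)
            if m:
                state = result.setdefault(
                    m.group(1), {"ssl": False, "verify_failed": False, "lost": False})
                # A pollups line only counts as TLS when it carries the [SSL] tag.
                state[key] |= bool(m.group(2)) if key == "ssl" else True
    return result

# Debug output copied from two runs in the message above (trusted CA, then demo CA).
TRUSTED_CA_RUN = """\
Network UPS Tools upsmon 2.6.0-pre1-2819
0.003348 Trying to connect to UPS [mge-usb@localhost]
0.024697 Logged into UPS mge-usb@localhost
0.025804 pollups: mge-usb@localhost [SSL]
0.026283 parse_status: [OL CHRG]
"""
DEMO_CA_RUN = """\
0.003841 Trying to connect to UPS [mge-usb@localhost]
0.016105 Can't set username on [mge-usb@localhost]: SSL error:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
5.016263 pollups: mge-usb@localhost
5.016402 Communications with UPS mge-usb@localhost lost
5.016771 Dropping connection to UPS [mge-usb@localhost]
"""

if __name__ == "__main__":
    for name, run in (("trusted CA", TRUSTED_CA_RUN), ("demo CA", DEMO_CA_RUN)):
        print(name, classify(run))
```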