On Wed, 4 Jul 2018, Roger Price wrote:
> I tried adding SSL/TLS support to NUT following the User Manual chapter 9.5
> "Configuring SSL".
> Jul 04 10:49:05 maria upsd[4744]: upsd.conf: invalid directive CERTFILE /etc/nut/keys/gold.pem

I tried again with openSUSE 42.3 and could not reproduce this error. All went
well and I saw the desired SSL/TLS activation:
● nut-server.service - Network UPS Tools - power devices information server
Jul 07 11:01:40 titan upsd[2926]: User [email protected] logged into UPS [Eaton] (SSL)
Jul 07 11:01:40 titan upsd[2926]: User [email protected] logged into UPS [heartbeat] (SSL)
● nut-monitor.service - Network UPS Tools - power device monitor and shutdow
controller
Jul 07 11:01:40 titan upsmon[2931]: Connected to localhost in SSL
Jul 07 11:01:40 titan upsmon[2931]: Connected to localhost in SSL
It looks as if Debian has a theological problem with the OpenSSL license seen as
tainting GNU GPL.
See
1. Debian bug report 871951 Aug 2017:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871951 "nut: Invalid SSL
directives", which refers to Ubuntu bug 1014347 June 2012:
https://bugs.launchpad.net/ubuntu/+source/nut/+bug/1014347 "NUT License prevents
distribution of SSL-enabled builds".
2. Source file debian/nut.README.Debian says:
SECURITY CONSIDERATIONS
-----------------------
... the TCP communications between ... UNENCRYPTED. ... sniff the username and
password. A version that encrypts the connection using SSL should be available
someday.
Since it looks as if this will never be fixed on Debian, I suggest
* The User Manual section 9.5 should include a « Not on Debian » warning.
* The "invalid directive CERTFILE" should be changed to something like
"CERTFILE, OpenSSL not available".
Roger
_______________________________________________
Nut-upsuser mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
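
Added example, not part of the message above and not NUT project code: a small audit over syslog/journal text that separates hosts where upsd rejected CERTFILE from hosts where logins carry the "(SSL)" marker. The line formats are modelled on the log lines quoted in the message; treating a login line without "(SSL)" as an unencrypted session is an assumption, and the host names, user and UPS names in the sample are constructed.

```python
import re
from collections import defaultdict

# Formats modelled on the journal lines quoted in the message above.
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (?P<host>\S+) (?P<proc>upsd|upsmon)\[\d+\]: (?P<msg>.*)$")
LOGIN = re.compile(r"^User (?P<user>\S+) logged into UPS \[(?P<ups>[^\]]+)\](?P<ssl> \(SSL\))?$")
MON_SSL = re.compile(r"^Connected to (?P<server>\S+) in SSL$")
BAD_CERTFILE = re.compile(r"^upsd\.conf: invalid directive CERTFILE\b")

# Constructed sample input (hosts, user, UPS name and key path are made up).
SAMPLE = [
    "Jul 04 10:49:05 hostA upsd[4744]: upsd.conf: invalid directive CERTFILE /etc/nut/keys/example.pem",
    "Jul 04 10:49:09 hostA upsd[4744]: User monuser@127.0.0.1 logged into UPS [ups1]",
    "Jul 07 11:01:40 hostB upsd[2926]: User monuser@127.0.0.1 logged into UPS [ups1] (SSL)",
    "Jul 07 11:01:40 hostB upsmon[2931]: Connected to localhost in SSL",
]

def audit(lines):
    """Group upsd/upsmon log lines by host and record their SSL status."""
    hosts = defaultdict(lambda: {"ssl_rejected": False, "encrypted": [],
                                 "cleartext": [], "monitor_ssl": []})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an upsd/upsmon line
        h, msg = hosts[m["host"]], m["msg"]
        if m["proc"] == "upsd" and BAD_CERTFILE.match(msg):
            h["ssl_rejected"] = True  # build has no SSL support compiled in
        elif m["proc"] == "upsd" and (login := LOGIN.match(msg)):
            # Assumption: no "(SSL)" suffix means the session was not encrypted.
            key = "encrypted" if login["ssl"] else "cleartext"
            h[key].append((login["user"], login["ups"]))
        elif m["proc"] == "upsmon" and (mon := MON_SSL.match(msg)):
            h["monitor_ssl"].append(mon["server"])
    return dict(hosts)

def verdict(h):
    """One-line status for a host record returned by audit()."""
    if h["ssl_rejected"]:
        return "FAIL: upsd rejected CERTFILE (build without SSL support)"
    if h["cleartext"]:
        return "FAIL: logins without (SSL), credentials can be sniffed"
    if h["encrypted"]:
        return "OK: all logins over SSL"
    return "UNKNOWN: no login lines seen"

if __name__ == "__main__":
    for host, rec in audit(SAMPLE).items():
        print(host, "->", verdict(rec))
```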