Hi, I spent quite some time pulling my hair out and trying to figure out why NUT wasn't working properly with SSL enabled. I tried several approaches until I found something interesting.
I'm using NUT 2.7.1 in Ubuntu Server 14.04 Trusty Tahr After properly configuring a self signed certificate with "certutil" from libnss3-tools, there was no way to get proper SSL connection eventhough upsd didn't complain in logs. Shell# upsc TEST Init SSL without certificate database Connecting in SSL to 'localhost' (no certificate name specified) Error while connecting to localhost, disconnect Error: Unknown error I then tried, for the sake of understanding, to compile the package in a test environment with OpenSSL support instead of LibNSS and it worked right away without trouble, provided I supplied the PEM "crt + key" combo file. Back to the regular distro packages, I really tried hard to understand what was wrong until I managed to get it working! Putting - UPSD_OPTIONS="-D" - in /etc/nut/nut.conf and "service nut-server restart" (which does not detach from the shell of course) made the whole system work! "upsmon" was happy as well as "upsc TEST" too! Shell# upsc TEST Init SSL without certificate database Connecting in SSL to 'localhost' (no certificate name specified) Do not intend to authenticate server localhost SSL handshake done successfully with server localhost Connected to localhost in SSL Certificate verification is disabled [...] I first thought this was "start-stop-daemon" fault so I tried in standalone mode. Shell# /lib/nut/dummy-ups -a TEST Shell# upsd Shell# ps axu [...] nut 19116 0.0 0.0 37688 772 ? Ss 18:35 0:00 /lib/nut/dummy-ups -a APC nut 19119 0.0 0.0 77296 6548 ? Ss 18:36 0:00 upsd Here, trying "upsc TEST" fails again! So, there's definitely something wrong here when "upsd" detaches itself from the calling shell which makes SSL choke, at least with LibNSS! I've browsed the GIT commit history from release 2.7.1 to current state and I didn't see any commit that would make me think the problem was already addressed. Could someone look into it please? :-) -- Unix _IS_ user friendly, it's just selective about who its friends are.
_______________________________________________ Nut-upsuser mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser
