Re: Permission denied while openig a certificate

Israel Fernández Cabrera Sat, 15 Oct 2005 15:19:05 -0700

That is a good question but I "guess" it is.. please see the attached
files for more information.
They are...


lsoutput.txt: I made ls in all the path to the certificates files
mysqld.log: Mysqld log file, interesting because it contains the
specific error, openssl .c files, line numbers (that by the way does
not match with the actual file, because of comment I guess), and
more..
strace.txt: a fragment of the mysqld strace output with the failing open call...

I must thak you for the help and interest

best regards

Israel

--
____________________
Israel Fdez. Cabrera
[EMAIL PROTECTED]

#>ls / | grep etc
drwxr-xr-x   83 root root   12288 Oct 15 16:50 etc

#>ls /etc | grep pki
drwxr-xr-x   7 root root    4096 Oct 14 17:51 pki

#>ls /etc/pki
total 104
drwxr-xr-x  3 root root 4096 Oct 14 21:46 CA
drwxr-xr-x  3 root root 4096 Oct  8 16:54 dovecot
-rwxr-xr-x  1 root root 1088 Oct  8 16:54 gencert.sh
-rwxr-xr-x  1 root root 1056 Oct  8 16:54 gencert.sh~
-rw-r--r--  1 root root  236 Oct  8 16:54 index.txt
-rw-r--r--  1 root root   21 Oct  8 16:54 index.txt.attr
-rw-r--r--  1 root root   21 Oct  8 16:54 index.txt.attr.old
-rw-r--r--  1 root root  118 Oct  8 16:54 index.txt.old
drwxr-xr-x  2 root root 4096 Oct  8 16:54 newcerts
drwxr-xr-x  2 root root 4096 Oct  8 16:54 rpm-gpg
-rw-r--r--  1 root root    3 Oct  8 16:54 serial
-rw-r--r--  1 root root    3 Oct  8 16:54 serial.old
drwxr-xr-x  5 root root 4096 Oct 14 17:51 tls

#>ls /etc/pki/tls
total 40
lrwxrwxrwx  1 root root   19 Oct  8 16:54 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x  2 root root 4096 Oct 15 14:18 certs
drwxr-xr-x  2 root root 4096 Oct  8 16:54 misc
-r--r--r--  1 root root 7998 Oct 14 17:59 openssl.cnf
drwxr-xr-x  2 root root 4096 Oct  8 16:54 private

#>ls /etc/pki/tls/certs
total 492
-rw-r--r--  1 root root  427833 Oct  8 16:54 ca-bundle.crt
-rw-r--r--  1 root root    3617 Oct 14 21:46 client-cert.pem
-rw-r--r--  1 root mysql    887 Oct  8 16:54 client-key.pem
-rw-r--r--  1 root mysql    769 Oct  8 16:54 client-req.pem
-rw-r--r--  1 root root     610 Oct  8 16:54 make-dummy-cert
-rw-r--r--  1 root root    2240 Oct  8 16:54 Makefile
-rw-r--r--  1 root root    3617 Oct 14 21:46 server-cert.pem
-rw-r--r--  1 root root     887 Oct 14 21:46 server-key.pem
-rw-r--r--  1 root mysql    769 Oct  8 16:54 server-req.pem

mysqld.log
Description: Binary data

open("/etc/pki/tls/certs/server-cert.pem", O_RDONLY) = -1 EACCES (Permission 
denied)
write(2, "Error when connection to server "..., 42) = 42
write(2, "1872:error:0200100D:system libra"..., 122) = 122
write(2, "1872:error:20074002:BIO routines"..., 70) = 70
write(2, "1872:error:140AD002:SSL routines"..., 88) = 88
write(2, "Unable to get certificate from \'"..., 68) = 68
open("/etc/pki/CA/cacert.pem", O_RDONLY) = -1 EACCES (Permission denied)
open("/etc/pki/tls/cert.pem", O_RDONLY) = -1 EACCES (Permission denied)
time([1129246383])                      = 1129246383
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission 
denied)
open("/dev/random", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 EACCES (Permission 
denied)
open("/dev/srandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = -1 ENOENT (No such file or 
directory)
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/var/run/egd-pool"}, 19) = -1 ENOENT (No 
such file or directory)
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3

Re: Permission denied while openig a certificate

Reply via email to