SSL: wrong/broken in FreeBSD 10.0-CURRENT?

From: O. Hartmann <ohartman_at_mail.zedat.fu-berlin.de>
Date: Fri, 30 Mar 2012 15:50:07 +0200
Sorry for the naiv headline.

I run into massive problems on all of my FreeBSD 10.0-CURRENT driven
boxes. PostgreSQL rejects accessing OpenLDAP via SSL and all clients
accessing the database and autheticating users via a SSL/TLS secured
conection to OpenLDAP refuse working. This includes some very important
facilities like textproc/refdb, databases/pgadmin3, www/mediawiki.

Mor scraing, I tried to generate for a our small network new SSL
certificates. We use since FreeBSD 8.0 small scripts for that task.
Creating a new CA certificate works fine, creating new certificate for
clients including based on the new CA.

Well, what worked half a year before doesn't anymore and I have no clue
what goes wrong.

I created a set of new CA, key and host certificate (self signed, of
course) for OpenLDAP.
Using the CA and key/cert from backup - created with the same conf and
scipts on FBSD 8/9 I use now on FBSD 10, goes "smooth", but fails
starting the OpenLDAP server.
The log output of the server is as follows:

  TLS: could not use key file `/usr/local/etc/openldap/certs/server.key'.
TLS: error:0B080074:x509 certificate routines:X509_check_private_key:key
values mismatch
/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/x509/x509_cmp.c:406
main: TLS init def ctx failed: -1
slapd stopped.
connections_destroy: nothing to destroy.
/usr/local/etc/rc.d/slapd: WARNING: failed to start slapd


As far I can dig from the web this error code "TLS: error:0B080074:x509
certificate..." s due to mismatching CN names. But why out of the sudden
should that be wrong?

Did something significantly changed in FreeBSD 10.0-CURRENT these days?

Regards,
Oliver


Received on Fri Mar 30 2012 - 11:50:31 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:25 UTC