Bug#912522: marked as done ([OpenSSL 1.1.1] error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed)

Wed, 31 Oct 2018 19:48:19 -0700 

Your message dated Thu, 1 Nov 2018 03:37:47 +0100
with message-id <[email protected]>
and subject line 
has caused the Debian Bug report #912522,
regarding [OpenSSL 1.1.1] error:1417C086:SSL 
routines:tls_process_client_certificate:certificate verify failed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
912522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912522
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Severity: important
Package: munin-node
Version: 2.0.37-2

Dear maintainer,

I've upgraded my Debian Buster system to OpenSSL 1.1.1-1 (and
libnet-ssleay-perl 1.85-2). Now it's impossible to use paranoid TLS
setup at Munin-Node:

> tls paranoid
> tls_verify_certificate yes
> tls_private_key /etc/ssl/private/example_server.key
> tls_certificate /etc/ssl/certs/example_server.crt
> tls_ca_certificate /etc/ssl/certs/example_ca.crt
> tls_verify_depth 3

Log output:

> CONNECT TCP Peer: "[2001:db8::cafe]:45907" Local: "[2001:db8::beef]:4949"
> [ERROR] Could not enable TLS:  5147: 1 - error:1417C086:SSL 
> routines:tls_process_client_certificate:certificate verify failed
> ERROR: Could not establish TLS connection. Closing. at 
> /usr/share/perl5/Munin/Node/Server.pm line 299, <STDIN> line 1.

I've used the same setup before without any problems. Same config is
still active and working on other Jessie and Stretch systems.

However it's running fine in non-paranoid mode:

> tls enabled
> tls_verify_certificate no
> tls_private_key /etc/ssl/private/example_server.key
> tls_certificate /etc/ssl/certs/example_server.crt

Any ideas what's going wrong? Anything I could check?

btw: My Munin-Master is running at Debian Jessie.

-- 
With kind regards,
Christian Schrötter

--- End Message ---
--- Begin Message --- 
X-CrossAssassin-Score: 2193

--- End Message ---

Reply via email to