Package: ircd-hybrid Version: 1:8.2.0+dfsg.1-2.ssl1 Severity: normal Tags: upstream patch
Dear Maintainer, * What led up to the situation? Configuring ircd-hybrid to use an SSL certificate that is issued by an intermediate CA certificate. The intermediate certificate was appended to the certificate pem file as works with many other servers. * What exactly did you do (or not do) that was effective (or ineffective)? Applied this patch and rebuilt the package. I have a similar patch for the ircd-hybrid in stable. diff --git a/src/conf_parser.c b/src/conf_parser.c index 5f43e69..85d54c6 100644 --- a/src/conf_parser.c +++ b/src/conf_parser.c @@ -2983,10 +2983,10 @@ yyreduce: break; } - if (SSL_CTX_use_certificate_file(ConfigServerInfo.server_ctx, yylval.string, - SSL_FILETYPE_PEM) <= 0 || - SSL_CTX_use_certificate_file(ConfigServerInfo.client_ctx, yylval.string, - SSL_FILETYPE_PEM) <= 0) + if (SSL_CTX_use_certificate_chain_file(ConfigServerInfo.server_ctx, + yylval.string) <= 0 || + SSL_CTX_use_certificate_chain_file(ConfigServerInfo.client_ctx, + yylval.string) <= 0) { report_crypto_errors(); conf_error_report("Could not open/read certificate file"); * What was the outcome of this action? The intermediate certificate was sent to the client. * What outcome did you expect instead? -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages ircd-hybrid depends on: ii debconf [debconf-2.0] 1.5.53 ii libc6 2.19-13 ii libgeoip1 1.6.2-1 ii libltdl7 2.4.2-1.11 ii libssl1.0.0 1.0.1j-1 ii openssl 1.0.1j-1 Versions of packages ircd-hybrid recommends: pn whois <none> Versions of packages ircd-hybrid suggests: pn hybserv <none> -- Configuration Files: /etc/ircd-hybrid/cert.cnf [Errno 13] Permission denied: u'/etc/ircd-hybrid/cert.cnf' /etc/ircd-hybrid/cresv.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/cresv.conf' /etc/ircd-hybrid/dline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/dline.conf' /etc/ircd-hybrid/ircd.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/ircd.conf' /etc/ircd-hybrid/ircd.motd [Errno 13] Permission denied: u'/etc/ircd-hybrid/ircd.motd' /etc/ircd-hybrid/kline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/kline.conf' /etc/ircd-hybrid/nresv.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/nresv.conf' /etc/ircd-hybrid/xline.conf [Errno 13] Permission denied: u'/etc/ircd-hybrid/xline.conf' -- debconf information: * ircd-hybrid/upgrade_no_services_warn: true ircd-hybrid/upgrade_to_nossl_warn: true ircd-hybrid/upgrade_secure_links_warn: true ircd-hybrid/restart_on_upgrade: true -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org