Re: [WWWOFFLE-Users] SSL certificates

Tue, 21 Aug 2007 21:06:57 -0700 

Andy Rabagliati <[EMAIL PROTECTED]> writes:

>   I have a slightly different use-case for wwwoffle - I scoop websites
>   on one machine with wwwoffle, tar up the files, and pass them to
>   another machine via UUCP.
> 
>   It allows me to provide web services for disconnected networks.
> 
>   I am upgrading to the latest version of wwwoffle, and have bumped into
>   a problem or two.
> 
>   First, using Ubuntu Feisty and wwwoffle 2.9a-2 the creation of root
>   certificates is not reliable on startup - I often get an empty file.
>   There seems to be some discussion of this on the list, and maybe I
>   need a newer version.

Which list?  There was one message to wwwoffle-users in February but
the cause of the problem was never resolved then.

I don't know why you would get an empty file, there should be an error
message given at the time that this happens.  For the most recent
version of WWWOFFLE (2.9c) I have added extra error messages
explaining what to do if the file is found to be empty.

>   Second, the path to those certificates seems to be hardcoded into the
>   binary, at /etc/wwwoffle/certificates.

The path is the one that is given by the spool-dir option in the
configuration file.  The "certificates" directory should appear
alongside the "http", "outgoing" and other directories.  This is what
happens in the version of WWWOFFLE that I wrote, perhaps Ubuntu have
been messing around.

>   First prize for me is a way to disable all the SSL stuff completely,
>   as all this happens unattended so SSL is not that necessary.

To do this is easy, just configure WWWOFFLE with the
'--without-gnutls' option.

>   For the moment I now run the master wwwoffle as the uucp user (ugh)
>   and all instances share the certificates.
> 
>   Next best would be to be able to configure the certificate path, so I
>   can have it as a different owner. 'strings' on the binary (have not
>   looked at the source yet) suggests ownership and permissions of the
>   certificates is important.

Certainly the ownership and permissions of the certificates are
important.  A fake certificate can allow a lot of problems to be
caused.

-- 
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop                             [EMAIL PROTECTED]
                                      http://www.gedanken.demon.co.uk/

WWWOFFLE users page:
        http://www.gedanken.demon.co.uk/wwwoffle/version-2.9/user.html

Reply via email to