only system CA file is respected; sslCA and/or concatentation into sslCert file no longer works

Bug #1402866 reported by James Troup
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mumble (Ubuntu)
New
Undecided
Unassigned

Bug Description

After upgrading to mumble-server 1.2.3-2ubuntu4.1 on Ubuntu 12.04.1
(having previously been on the version in Ubuntu 10.04), I found that
no clients could connect, they all failed with:

  <W>2014-12-15 23:16:45.402 1 => <1:(-1)> New connection: XX.XX.XX.XX:44311
  <W>2014-12-15 23:16:45.481 1 => <1:(-1)> SSL Error: No certificates could be verified
  <W>2014-12-15 23:16:45.528 1 => <1:(-1)> Connection closed: [-1]

We have a GoDaddy (sorry) certificate which needs an intermediate cert
for anything but web browsers so the .crt file we pass to mumble is a
concatentation of the cert + intermediates and this use to work in
Ubuntu 10.04 but no longer does. I also tried using the undocumented
'sslCA' option in /etc/mumble-server.ini without success.

In the end I had to copy the GoDaddy intermediate bundle into
/usr/local/share/ca-certificates/ and re-run update-ca-certificates.
Once I did that, clients were able to connect to mumble again.

Revision history for this message
James Troup (elmo) wrote :

I should mention http://samuel.kadolph.com/2012/05/startssl-cert-with-mumble-server-on-ubuntu-12-04/ which is what put me onto updating the system CA file.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.