only system CA file is respected; sslCA and/or concatenation into sslCert file no longer works
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mumble (Ubuntu) | New | Undecided | Unassigned |
Bug Description
After upgrading to mumble-server 1.2.3-2ubuntu4.1 on Ubuntu 12.04.1
(having previously been on the version in Ubuntu 10.04), I found that
no clients could connect; they all failed with:
<W>2014-12-15 23:16:45.402 1 => <1:(-1)> New connection: XX.XX.XX.XX:44311
<W>2014-12-15 23:16:45.481 1 => <1:(-1)> SSL Error: No certificates could be verified
<W>2014-12-15 23:16:45.528 1 => <1:(-1)> Connection closed: [-1]
We have a GoDaddy (sorry) certificate which needs an intermediate cert
for anything but web browsers so the .crt file we pass to mumble is a
concatenation of the cert + intermediates and this used to work in
Ubuntu 10.04 but no longer does. I also tried using the undocumented
'sslCA' option in /etc/mumble-
In the end I had to copy the GoDaddy intermediate bundle into
/usr/local/
Once I did that, clients were able to connect to mumble again.
I should mention http://samuel.kadolph.com/2012/05/startssl-cert-with-mumble-server-on-ubuntu-12-04/ which is what put me onto updating the system CA file.