[Nut-upsuser] SSL only working in DEBUG mode

Charles Lepple clepple at gmail.com
Thu Mar 26 00:01:08 UTC 2015


On Mar 25, 2015, at 1:47 PM, Emilien Kia <kiae.dev at gmail.com> wrote:

> What I will do is to move ssl initializing after usering and forking, than add key file right checking where ssl was initialized before (before forking).
> As keys should be owned by nut user, this would not be a problem.
> And moving this code, independently of SSL implementation (OpenSSL or NSS) should work. And will not add more code implementation dependent.
> 
> Charles, Arnaud ? Ok with that ?


It is disappointing that NSS cannot easily handle forking - I typically set up Apache+OpenSSL to read the key before dropping root privileges, and it would be nice if NUT could do something similar.

But it sounds complicated (I briefly looked at the osdir mailing list thread), and with keys stored in memory either way, you might as well initialize after forking.

-- 
Charles Lepple
clepple at gmail



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/nut-upsuser/attachments/20150325/645ff745/attachment.html>


More information about the Nut-upsuser mailing list