Bug#529413: mumble-server: Own proper SSL certificate not taken in account

François Guerraz kubrick at fgv6.net
Tue May 19 09:04:01 UTC 2009 

Package: mumble-server
Version: 1.1.4-4+lenny1
Severity: normal

I set up a authority signed SSL certificate for use with mumble-server,
and configured the ini configuration file this way :

# If you have a proper SSL certificate, you can provide the filenames here.
sslCert=/var/lib/mumble-server/speak.xxx.net.cert.pem
sslKey=/var/lib/mumble-server/speak.xxx.net.key.pem

When I launch the server with strace, it reports that it reads the files :

--------------------
open("/var/lib/mumble-server/speak.xxx.net.cert.pem",
O_RDONLY|O_LARGEFILE) = 11
fcntl64(11, F_SETFD, FD_CLOEXEC)        = 0
stat64("/var/lib/mumble-server/speak.xxx.net.cert.pem",
{st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.cert.pem",
{st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.cert.pem",
{st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
fstat64(11, {st_mode=S_IFREG|0644, st_size=6748, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb77b1000
read(11, "Certificate:\n    Data:\n        Ve"..., 4096) = 4096
read(11, ":db:96:f0:44:08:7e:2b:d3:\n       "..., 4096) = 2652
read(11, ""..., 4096)                   = 0
close(11)                               = 0
munmap(0xb77b1000, 4096)                = 0
open("/var/lib/mumble-server/speak.xxx.net.key.pem",
O_RDONLY|O_LARGEFILE) = 11
fcntl64(11, F_SETFD, FD_CLOEXEC)        = 0
stat64("/var/lib/mumble-server/speak.xxx.net.key.pem",
{st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.key.pem",
{st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
stat64("/var/lib/mumble-server/speak.xxx.net.key.pem",
{st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
fstat64(11, {st_mode=S_IFREG|0640, st_size=3243, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb77b1000
read(11, "-----BEGIN RSA PRIVATE KEY-----\nM"..., 4096) = 3243
read(11, ""..., 4096)                   = 0
close(11)                               = 0
------------------

But when I connect to the server with debian lenny's client, the
certificate the server presents is still a self signed one



-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: 2.6.28.4-xxxx-std-ipv6-32 (SMP)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

More information about the Pkg-voip-maintainers mailing list