[Bug 1402866] [NEW] only system CA file is respected; sslCA and/or concatentation into sslCert file no longer works
James Troup
james.troup at canonical.com
Mon Dec 15 23:36:36 UTC 2014
Public bug reported:
After upgrading to mumble-server 1.2.3-2ubuntu4.1 on Ubuntu 12.04.1
(having previously been on the version in Ubuntu 10.04), I found that
no clients could connect, they all failed with:
<W>2014-12-15 23:16:45.402 1 => <1:(-1)> New connection: XX.XX.XX.XX:44311
<W>2014-12-15 23:16:45.481 1 => <1:(-1)> SSL Error: No certificates could be verified
<W>2014-12-15 23:16:45.528 1 => <1:(-1)> Connection closed: [-1]
We have a GoDaddy (sorry) certificate which needs an intermediate cert
for anything but web browsers so the .crt file we pass to mumble is a
concatentation of the cert + intermediates and this use to work in
Ubuntu 10.04 but no longer does. I also tried using the undocumented
'sslCA' option in /etc/mumble-server.ini without success.
In the end I had to copy the GoDaddy intermediate bundle into
/usr/local/share/ca-certificates/ and re-run update-ca-certificates.
Once I did that, clients were able to connect to mumble again.
** Affects: mumble (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Debian
VoIP Team, which is subscribed to mumble in Ubuntu.
https://bugs.launchpad.net/bugs/1402866
Title:
only system CA file is respected; sslCA and/or concatentation into
sslCert file no longer works
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/1402866/+subscriptions
More information about the Pkg-voip-maintainers
mailing list