[CalendarServer-users] Exception thrown when using chained certificates

Glyph glyph at twistedmatrix.com
Tue Apr 2 16:15:20 PDT 2013


On Apr 2, 2013, at 9:46 AM, Nikola Knežević <laladelausanne at gmail.com> wrote:

> On Apr 2, 2013, at 18:17 , Glyph wrote:
> 
>> Still not sure; I need to go do some testing of my own, but can you check on something?  I think this line might be a clue:
>> 
>> On Apr 1, 2013, at 1:50 AM, Nikola Knežević <laladelausanne at gmail.com> wrote:
>> 
>>> 2013-04-01 10:46:39+0200 [-] [caldav-0]  [-] /usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/python/util.py:560: exceptions.UserWarning: tried to drop privileges and setuid 93 but uid is already 93; should we be root? Continuing.
>> 
>> Is your SSL cert (including private key & any chain certs) readable by UID 93?
> 
> 
> Hi Glyph,
> 
> sure, can gladly check anything on my computer :)
> 
> Yes, it is readable:
> 
> /usr/local/caldavd/etc % ll
> total 176
> ..snip..
> -rw-r--r--  1 _calendar  _calendar   1358 Mar 26 02:53 accounts.xml
> -rw-r--r--  1 _calendar  _calendar    864 Mar 28 23:14 augments.xml
> -rw-r--r--  1 _calendar  _calendar   1131 Mar 29 21:38 caldav-server.crt
> -rw-r--r--  1 _calendar  _calendar   1743 Mar 29 21:38 caldav-server.key
> -rw-r--r--  1 _calendar  _calendar   6952 Mar 30 11:31 caldav-server.pem
> ..snip…
> 
> /usr/local/caldavd/etc % id 93
> uid=93(_calendar) gid=93(_calendar) groups=93(_calendar),405(com.apple.sharepoint.group.4),12(everyone),29(certusers),30(_keytabusers),61(localaccounts),216(_postgres)

OK, Nikola, I can't seem to reproduce your issue myself.  If you have any other information that you think is germane, please let me know.  Can you load the certificate with OpenSSL?  Can you point another web server at it - not caldavd - and speak to clients with it?

-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20130402/08657a7b/attachment.html>


More information about the calendarserver-users mailing list