[CalendarServer-users] Exception thrown when using chained certificates
Glyph
glyph at twistedmatrix.com
Tue Apr 2 16:15:20 PDT 2013
On Apr 2, 2013, at 9:46 AM, Nikola Knežević <laladelausanne at gmail.com> wrote:
> On Apr 2, 2013, at 18:17 , Glyph wrote:
>
>> Still not sure; I need to go do some testing of my own, but can you check on something? I think this line might be a clue:
>>
>> On Apr 1, 2013, at 1:50 AM, Nikola Knežević <laladelausanne at gmail.com> wrote:
>>
>>> 2013-04-01 10:46:39+0200 [-] [caldav-0] [-] /usr/local/caldavd/lib/python2.7/site-packages/Twisted-12.3.0-py2.7-macosx-10.7-intel.egg/twisted/python/util.py:560: exceptions.UserWarning: tried to drop privileges and setuid 93 but uid is already 93; should we be root? Continuing.
>>
>> Is your SSL cert (including private key & any chain certs) readable by UID 93?
>
>
> Hi Glyph,
>
> sure, can gladly check anything on my computer :)
>
> Yes, it is readable:
>
> /usr/local/caldavd/etc % ll
> total 176
> ..snip..
> -rw-r--r-- 1 _calendar _calendar 1358 Mar 26 02:53 accounts.xml
> -rw-r--r-- 1 _calendar _calendar 864 Mar 28 23:14 augments.xml
> -rw-r--r-- 1 _calendar _calendar 1131 Mar 29 21:38 caldav-server.crt
> -rw-r--r-- 1 _calendar _calendar 1743 Mar 29 21:38 caldav-server.key
> -rw-r--r-- 1 _calendar _calendar 6952 Mar 30 11:31 caldav-server.pem
> ..snip…
>
> /usr/local/caldavd/etc % id 93
> uid=93(_calendar) gid=93(_calendar) groups=93(_calendar),405(com.apple.sharepoint.group.4),12(everyone),29(certusers),30(_keytabusers),61(localaccounts),216(_postgres)
OK, Nikola, I can't seem to reproduce your issue myself. If you have any other information that you think is germane, please let me know. Can you load the certificate with OpenSSL? Can you point another web server at it - not caldavd - and speak to clients with it?
-glyph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20130402/08657a7b/attachment.html>
More information about the calendarserver-users
mailing list