Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Warning about ca.pem should make clear it's not mandatory. #309

Closed
DjSlash opened this Issue Sep 27, 2012 · 4 comments

Comments

Projects
None yet
3 participants
Contributor

DjSlash commented Sep 27, 2012

We need to clearify in the log messages that ca.pem is missing, but that file is not mandatory to have the ssl modules loaded. Maybe add a line at modules.conf.example too.

Contributor

DjSlash commented Sep 27, 2012

In addition:
22:12 <%slush> no, ca.pem is not mandatory to run the ssl modules with
22:13 <%slush> it's only needed when you have certificates that are signed by a CA
22:13 @satmd ca.pem is kinda mandatory
22:13 @satmd for self-made certs it just happens to be a copy of your own cert
22:13 < tomtiger11> really?
22:14 @satmd a ca is just the signing party of the cert
22:14 < tomtiger11> ok
22:14 @satmd is could be possibly be the same

Contributor

satmd commented Oct 10, 2012

My suggestion is to have inspircd use the certificate itself if no separate ca is given. Our modules.conf.example does not set these files explicitely, so it should be safe to change the default behaviour like this in pseudo code logic:

real_cafile = (cafile != NULL)?cafile:certfile;

Contributor

satmd commented Oct 10, 2012

Implemented the code, doing pull request

@satmd satmd pushed a commit to satmd/inspircd that referenced this issue Oct 10, 2012

satmd Implementation for issue #309
Default cafile to be the same as certfile
a6cbe6e
Owner

attilamolnar commented Mar 12, 2013

In m_ssl_gnutls the mentioned log message is DEBUG, so it is not in the log by default.
In m_ssl_openssl however the same error message is logged with the DEFAULT loglevel, so I changed it, see https://github.com/attilamolnar/inspircd/compare/insp20%2Bopenssllog

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment