On Friday 27 April 2007 14:03, Frank Sweetser wrote:
> On Fri, Apr 27, 2007 at 10:03:23AM +0300, Silver Salonen wrote:
> > Hi.
> > 
> > Am I wrong if I say that one FD can't communicate with multiple SDs with 
> > different TLS certificates?
> > 
> > As I've understood, there can be only one TLS-configuration for SD (in the 
> > Storage{} resource). For communicating with SD, FD uses TLS configuration 
> > from its Client{} resource, and there can be only one Client{} resource in 
> > FD's configuration. The "TLS CA Certificate File" is always required for the
> > TLS-client, so it seems that it's not possible to use different 
> > TLS-configurations for different storages, i.e. all the storages (that the FD
> > communicates with) must use certificates originated from the same CA.
> 
> Try concatenating multiple CA files into a single one.

Hello.

Did it. But it seems that multiple entries are not supported in "TLS 
Certificate" and "TLS Key" files. Only the first certificate is taken from 
there - FD doesn't even start if CRT's and KEY's positions differ in these 
files (i.e. crt A is on the 1st position in the "TLS Certificate" file and 
key A is on the 2nd position in the "TLS Key" file).

But well, according to the manual 
(http://www.bacula.org/rel-manual/Bacula_TLS_Communication.html) these 
directives ("TLS Certificate" and "TLS Key") require <Directory> not 
<Filename>. I guess it's a bug in the manual as I get "ERROR in openssl.c:74 
Error loading certificate file: ERR=error:0906D06C:PEM 
routines:PEM_read_bio:no start line" when specifying directory there.
As I suppose Kern is no longer in the bacula-users list, should I notify him 
about this directly, or will it be taken care of by some developer? :)

-- 
Silver
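
A pre-flight check for the two failure modes reported in this message, as an added example that is not part of the original post or of Bacula: it lists the PEM blocks in a "TLS Certificate" / "TLS Key" file pair and flags a directory, a file with no PEM start line, and files with more than one entry. The function names and the sample file names are hypothetical, and the sample PEM bodies are constructed placeholders.

```python
import os
import re
import tempfile

# RFC 7468 encapsulation boundary, e.g. "-----BEGIN CERTIFICATE-----"
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def pem_labels(path):
    """Return the labels of the PEM blocks in `path`, in file order."""
    if os.path.isdir(path):
        raise ValueError(f"{path} is a directory, expected a PEM file")
    with open(path, encoding="ascii", errors="replace") as fh:
        return _BEGIN.findall(fh.read())

def check_pair(cert_path, key_path):
    """Return a list of problems found in a certificate/key file pair."""
    problems = []
    for name, path, wanted in (("TLS Certificate", cert_path, "CERTIFICATE"),
                               ("TLS Key", key_path, "PRIVATE KEY")):
        try:
            labels = pem_labels(path)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        # "RSA PRIVATE KEY", "EC PRIVATE KEY" etc. all end with the wanted label.
        matching = [label for label in labels if label.endswith(wanted)]
        if not labels:
            problems.append(f"{name}: no PEM start line in {path}")
        elif not matching:
            problems.append(f"{name}: no {wanted} block, found {labels}")
        elif len(matching) > 1:
            # Per the report above, only the first entry is taken.
            problems.append(f"{name}: {len(matching)} entries, first one is used")
    return problems

def write_sample(directory, name, labels):
    # Constructed sample data: the base64 bodies are placeholders, not real keys.
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        for label in labels:
            fh.write(f"-----BEGIN {label}-----\nQUJD\n-----END {label}-----\n")
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        crt = write_sample(d, "fd.crt", ["CERTIFICATE", "CERTIFICATE"])
        key = write_sample(d, "fd.key", ["RSA PRIVATE KEY"])
        print(check_pair(crt, key))   # concatenated certificate file
        print(check_pair(d, key))     # directory given instead of a file
```

The check only inspects PEM structure; it does not verify that the first key actually belongs to the first certificate.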
