-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
i'm using Bacula 7.0.5 with TLS setup for all connections. The certificates are using the FQDN of the participating nodes as the common name. Everything works for a normal setup consisting of a director, a storage daemon and file daemons on different hosts with both IPv4 and IPv6. If i use the option SD Calls Client = yes in the director's Client resource for a specific client, then the TLS negotiation for this client will fail. The error message is bacula-fd Fatal error: bnet.c:278 TLS host certificate verification failed. Host name "[<IPv6 Address of the storage daemon>]" did not match presented certificate This error occurs for all clients with SD Calls Client = yes. It seems the storage daemon does not send its FQDN during the TLS handshake. For all other TLS handshakes the FQDN is sent as expected. Do i miss something here, or is this a bug? Btw., when using SD Calls Client, the file daemon should also allow TLS Verify Peer and TLS Allowed CN, as it is now acting as a server role, shouldn't it? Regards, Sascha - -- Dipl.-Inform. Sascha Jopen University of Bonn Tel.: +49-228-73-54219 Institute of Computer Science 4 Fax: +49-228-73-4571 Friedrich-Ebert-Allee 144 E-mail: [email protected] D-53113 Bonn, Germany -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJT9vNbAAoJEPQ+gnO0LIbHqgsH/3BKZ2f0Pgr7oZVPLbH3kwqZ yCkuSiDzmUtHZkZ/juigebfeqdeuvnK+jcMVL3aHdG70lYBbQ9uPBax2CO0IK2ct qrwo92NrrbPuSH1UvOVFuLkqt/OlKouLQefdLQWOKzxhH/GVbbTgiW+/kF3dxB7S mTkwEUBinSrMl0ZYcpvsSB8uvLn9/LcerTHIWmn4vXllYWRRgXqa7/j/fG25+fwM CDLsleVozxZUapNSFrMqoiqwCfnWHVU/om1D870ZG5fimJ9n0yh818OVzjPG3LPC 44ylVUfngYBddvIHfJ2trrZ/3q8zjz2AN8PykUZb0JfdjmJ8/+253KNj/9kLqg8= =Y8VQ -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ Bacula-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-users
