On Wed, Aug 21, 2024 at 07:32:34AM GMT, David McMackins II wrote:
> Hello.
>
> I'm trying to set up a gemini server using vger and following the
> instructions in its git repo: https://tildegit.org/solene/vger
>
> However, the TLS handshake with relayd is failing as follows:
>
> rsae_send_imsg: privenc poll timeout, keyop #0
> relay gemini, session 1 (1 active), 0, 192.168.1.1 -> :11965, TLS
> handshake error: handshake failed: error:1402D438:SSL
> routines:ACCEPT_SW_CERT:tlsv1 alert internal error: Invalid argument
> relay_dispatch_ca: privenc result after timeout
>
> I reached out to the vger developer first, and there doesn't appear to
> be anything wrong with my relayd config:
>
> log connection
>
> tcp protocol "gemini" {
>     tls keypair retro.inetcc.org
> }
>
> relay "gemini" {
>     listen on retro.inetcc.org port 1965 tls
>     protocol "gemini"
>     forward to 127.0.0.1 port 11965
> }
> <EOF>
>
> My TLS cert/key were generated using acme-client, and I made a symlink
> for relayd to find the certificate since the default name from
> acme-client is not what relayd is expecting.
>
> I'm wondering if this is actually a bug specific to sparc64 which I'm
> running this on.

Wild guesses that usually bite me with relayd:

- if my memory serves me right, relayd only supports RSA keys. If you
  added "ecdsa" to your acme-client.conf, then that's not going to fly.
- double-check that you linked the fullchain, not only the leaf cert.
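
The two checks suggested in the reply, as an added shell example (not part of the original thread and not relayd or acme-client code). The function names are hypothetical, the key and certificate paths are passed as arguments, and the openssl CLI is assumed to be installed for keys stored under the generic PKCS#8 label:

```shell
#!/bin/sh
# Added example: test a key/cert pair against the two guesses in the reply.
# Function names are hypothetical; paths are supplied by the caller.

# Print the private key type: "rsa", "ec" or "unknown".
key_type() {
	if grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1"; then
		echo rsa
	elif grep -q -e '-----BEGIN EC PRIVATE KEY-----' "$1"; then
		echo ec
	elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$1"; then
		# The PKCS#8 label does not name the algorithm; ask openssl.
		if openssl rsa -in "$1" -noout >/dev/null 2>&1; then
			echo rsa
		elif openssl ec -in "$1" -noout >/dev/null 2>&1; then
			echo ec
		else
			echo unknown
		fi
	else
		echo unknown
	fi
}

# Count certificates in a PEM file (1 = leaf only, 2 or more = chain).
cert_count() {
	grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Report both checks; return 0 only when both pass.
check_keypair() {
	rc=0
	kt=$(key_type "$1")
	n=$(cert_count "$2")
	if [ "$kt" != rsa ]; then echo "key: $kt (reply expects RSA)"; rc=1; fi
	if [ "${n:-0}" -lt 2 ]; then echo "cert: ${n:-0} certificate(s), leaf only?"; rc=1; fi
	if [ "$rc" -eq 0 ]; then echo "ok: RSA key, $n certificates in file"; fi
	return "$rc"
}

# Usage: sh check.sh /path/to/private.key /path/to/certificate.crt
if [ "$#" -eq 2 ]; then
	check_keypair "$1" "$2"
fi
```

Run it against the files the symlinks resolve to, so the result reflects what relayd actually opens.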