Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] Do TLS options work without openssl configuration during installation?

2016-03-08 12:51:41
Subject: Re: [Bacula-users] Do TLS options work without openssl configuration during installation?
From: Ana Emília M. Arruda <emiliaarruda AT gmail DOT com>
To: Florian Splett <florian.splett AT web DOT de>
Date: Tue, 8 Mar 2016 18:45:52 +0100
Hello Florian,

If you installed bacula from source, you can rebuild using --with-openssl in your configure options. All your configuration files will be kept. Otherwise, I'm quite sure that the packages are all built with SSL enabled.

In addition, you have some debug messages that will provide you information about SSL connections between the daemons (I think that running your bacula-dir with a -d 200 level is sufficient). They are messages with a "ssl=value", where value will be:

0 = TLS is not being used (is not enabled, could not be established, etc.)
1 = TLS is enabled but not required on the end point
2 = TLS is enabled and required

Error messages will be reported in debug mode if you configure TLS as enabled/required and the connection cannot be established for some reason.

Best regards,
Ana

On Tue, Mar 8, 2016 at 1:35 PM, Florian Splett <florian.splett AT web DOT de> wrote:
Thank you for your input.
I am a bit unsure wether or not the TLS options will work, so I might prepare a vpn connection instead through which bacula can send the files.

Regards,

Florian S.


Am 03.03.2016 um 11:48 schrieb Alex Domoradov:
But at the same time it seems that openssl enabled by default at least if the bacula can find headers and libraries

# ./configure --prefix=/opt/bacula-7.4.0 --with-postgresql=/usr/pgsql-9.4/ --with-mysql --enable-acl --with-tcp-wrappers --with-sqlite3
...

   Large file support:       yes
   Bacula conio support:  yes -ltinfo
   readline support:         no
   TCP Wrappers support:     yes -lwrap
   TLS support:              yes
   Encryption support:       yes
   ZLIB support:             yes
   LZO support:              yes


So I think you should use option --with-openssl only if you have installed openssl from source

On Thu, Mar 3, 2016 at 12:41 PM, Alex Domoradov <alex.hha AT gmail DOT com> wrote:
AFAIK it wouldn't work

a binary file must be linked with openssl

# ldd bacula-dir | grep ssl
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f3a83283000)
        libssl3.so => /usr/lib64/libssl3.so (0x00007f3a80089000)

On Thu, Mar 3, 2016 at 12:30 PM, Florian Splett <florian.splett AT web DOT de> wrote:
Hello.

I want to set up TLS security for my bacula system,  but when I first
installed the system, I did not specify the "--with-openssl" option.
Will the TLS configuration still work? The entries in the config were
definitely recognized.

I just want to be sure this doesn't end up accepting the configuration,
but not actually securing anything,
so any answer would be highly appreciated.

Regards,
Florian S.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users




------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users


------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Director will not connect to a remote client, Jari Fredriksson
Next by Date:  Re: [Bacula-users] how to configure email notifications in bacula?, Dan Langille
Previous by Thread:  Re: [Bacula-users] Do TLS options work without openssl configuration during installation?, Florian Splett
Next by Thread:  [Bacula-users] Bacula LTO3 error, mauser1
Indexes:  [Date] [Thread] [Top] [All Lists]