Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] Data Encryption - subjectKeyIdentifier extension?

2011-11-16 17:48:04
Subject: [Bacula-users] Data Encryption - subjectKeyIdentifier extension?
From: Oliver Hoffmann <oh AT dom DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 16 Nov 2011 18:31:50 +0100 
Hi list,

after I set up TLS successfully, I tried to get data encryption running.

I started with the official documentation:

http://www.bacula.org/en/dev-manual/main/main/Data_Encryption.html

ldd `which bacula-fd` shows:

...
libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00673000)
libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00c6f000)
...

So, I made the master.cert and the pem file for the client (on the
bacula server) and set the following in the FileDaemon stanza of the
bacula-fd.conf:

  PKI Signatures = Yes            # Enable Data Signing
  PKI Encryption = Yes            # Enable Data Encryption
  PKI Keypair = "/etc/bacula/certs/PKI/my-fd.pem" # Public and Private Keys 
  PKI Master Key = "/etc/bacula/certs/PKI/master.cert"  # ONLY the Public Key

Starting the bacula-fd gives me:

 * Starting Bacula File daemon...
   16-Nov 17:49 my-fd JobId 0: Error: crypto.c:462 Provided
   certificate does not include the required subjectKeyIdentifier
   extension.16-Nov 17:49 my-fd: Fatal Error at filed.c:415 because:
   Failed to load public certificate for File daemon "my-fd"
   in /etc/bacula/bacula-fd.conf. 16-Nov 17:49 d830-fd: ERROR in
   filed.c:221 Bitte die Konfigurationsdatei
   korrigieren: /etc/bacula/bacula-fd.conf *** glibc detected
   *** /usr/sbin/bacula-fd: double free or corruption (fasttop):
   0x0908d1b8 ***

Then there follows a backtrace which ends with Kaboom!

Neither there was anything useful (in terms of setting a
subjectKeyIdentifier extension) to be found, nor a better
bacula-PKI-howto.

Could someone give me a hint? 

Thanks and greetings,

Oliver





------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] Restrict client console to list jobs, vishal veerkar
Next by Date:  Re: [Bacula-users] maximum value for watchdog timer, David Newman
Previous by Thread:  [Bacula-users] Restrict client console to list jobs, vishal veerkar
Next by Thread:  Re: [Bacula-users] Data Encryption - subjectKeyIdentifier extension?, Dan Langille
Indexes:  [Date] [Thread] [Top] [All Lists]