Certificate chains in uMurmur


Felix Morgner

Nov 22, 2013, 6:49:52 AM
to umurmur...@googlegroups.com
Hi

I recently set up a uMurmur server using a certificate from StartCom.
Afterwards I tried to verify the certificate and noticed that even though
I concatenated the certificates (my certificate and the StartCom Intermediate)
together into one file, only my certificate is getting delivered, and therefore
verification fails.

Am I missing something (maybe some option) or is chain delivery not
supported in uMurmur?

Best wishes,

Felix Morgner

Martin Johansson

Nov 22, 2013, 12:51:31 PM
to Felix Morgner, umurmur-general
That's probably because no one has tried it before. Using PolarSSL or OpenSSL?



Felix Morgner

Nov 22, 2013, 12:55:17 PM
to Martin Johansson, umurmur...@googlegroups.com
Using OpenSSL. I prefer using OpenSSL since I'm running uMurmur on NetBSD,
where PolarSSL is marked with 3 known vulns. I tried what happens when the CA
cert is prepended to the Server cert and found out that uMurmur doesn't start in that
case. If there would be interest in this issue from the developers' side, I would offer
to look into it, and maybe "fixing" it.

Martin Johansson

Nov 22, 2013, 1:59:29 PM
to Felix Morgner, umurmur-general
I believe the majority of uMurmur users, including me, are using it with self-signed certs. I'd be happy if you look into it though, and the developer(s) is more or less just me. The place to start looking is in the file ssl.c in the source, around line 578 onwards. Use the ipv4 branch on GitHub. Master branch is not up to date. When comparing with original Murmur sources: https://github.com/mumble-voip/mumble/blob/master/src/SSL.cpp I see that they add CA certificates from some predefined locations. I guess it would suffice to mimic this.

Regards



nadler...@gmail.com

May 10, 2014, 11:34:09 AM
to umurmur...@googlegroups.com
I cannot get the chaining to work with the new "ca_path" option. I point it to the file I got from startssl with the certificate and the key.

But the certificate chain in the mumble client is just "domain"->"domain" instead of the intermediary certificates. 

Any tips?
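Why a client fails to verify when the server delivers only its own certificate, as an added example that is not part of the thread and not uMurmur code: it builds a constructed root, intermediate and leaf with the `openssl` CLI (all names and file names are made up) and checks the leaf the way a client would, with and without the intermediate. It assumes `openssl` and `mktemp` are on the PATH.

```shell
#!/bin/sh
# Constructed demo PKI (all names made up): Demo Root -> Demo Intermediate -> leaf.
make_demo_pki() {    # usage: make_demo_pki DIR
    d=$1
    # Minimal config so nothing depends on a system openssl.cnf.
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
        -extensions ca_ext -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    issue() {   # issue NAME SUBJECT SIGNER EXT_SECTION: key + cert signed by SIGNER
        openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" -subj "$2" \
            -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null &&
        openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
            -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions "$4" \
            -out "$d/$1.pem" 2>/dev/null
    }
    issue int "/CN=Demo Intermediate" root ca_ext &&
    issue leaf "/CN=voice.example.test" int leaf_ext &&
    cat "$d/leaf.pem" "$d/int.pem" > "$d/bundle.pem"   # leaf first, then its issuer
}
# Number of certificates in a PEM bundle.
certs_in_bundle() { grep -c 'BEGIN CERTIFICATE' "$1"; }
# `openssl x509` parses one certificate, so it sees only the first PEM block,
# as does any loader that reads a single certificate from the file.
first_subject() { openssl x509 -in "$1" -noout -subject; }
# Client view: does LEAF chain to ROOT given the extra certs the server DELIVERED?
client_verifies() {  # usage: client_verifies ROOT LEAF [DELIVERED]
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}
demo() {
    t=$(mktemp -d) && make_demo_pki "$t" || return 1
    echo "bundle: $(certs_in_bundle "$t/bundle.pem") certs, first is $(first_subject "$t/bundle.pem")"
    client_verifies "$t/root.pem" "$t/leaf.pem" || echo "leaf only delivered: verification fails"
    client_verifies "$t/root.pem" "$t/leaf.pem" "$t/int.pem" && echo "leaf + intermediate: OK"
    rm -rf "$t"
}
demo
```

Against a running server, `openssl s_client -connect HOST:PORT -showcerts` prints the certificates actually delivered, which can be compared with the bundle on disk.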