Hi Alexander,
Thank you for your suggestions, they helped me solve the problem which was an empty certificate file.
When generating a new certificate certtool asks a lot of questions and for some reason I have the tendency to press enter assuming that the default value will be used. This technique however didn't work very well when certtool asked me if "Is the above information ok? (Y/N):". The capital case indicates that I should provide a value, which I didn't. Given the fact that no error messages appeared, I assumed that everything was OK but, as it turned out, the file was empty.
Thanks again.
Regards, Georges
On Wed, 05 Jan 2011 22:04:45 +0100, Alexander Barton alex@barton.de wrote:
Hi Georges,
Am 05.01.2011 um 21:41 schrieb Georges POLITIK:
Jan 5 21:31:12 chronos ngircd[12609]: ngircd 15-SYSLOG+ZLIB+SSL+IRCPLUS+IPv6-i486/pc/linux-gnu started.
Ok, so you are indeed running a version supporting SSL :)
Jan 5 21:31:12 chronos ngircd[12609]: Reading configuration from "/etc/ngircd/ngircd.conf" ... Jan 5 21:31:12 chronos ngircd[12609]: gnutls_certificate_set_x509_key_file (cert /etc/ngircd/ngircd-cert.pem, key /etc/ngircd/ngircd-key.pem): Base64 decoding error.
And the daemon uses GnuTLS (not OpenSSL), which fails to decode the certificate and/or the key file.
So my guess is, that one (or both) of these files are not in the expected format.
Jan 5 21:31:12 chronos ngircd[12609]: Warning: Error during SSL initialization, continuing …
Because of the SSL initialization error, the daemon will not use SSL but continue …
Jan 5 21:31:12 chronos ngircd[12610]: Notice: Can't change working directory to "/var/run/ircd": No such file or directory
BTW … this is a second error message; but it isn’t related to your SSL problem.
I doubt it is a permissions problem. Here's the /etc/ngircd directory listing:
I don’t think so, too.
I've read the SSL guide (found here http://ngircd.barton.de/doc/SSL.txt) and it lists 2 methods for creating the SSL certificate/private key. I've used both without success.
Strange.
The GnuTLS section should result in a usable certificate and key file for your ngircd!?
Both the certificate and the key file look reasonable? The key file should start with a line „-----BEGIN RSA PRIVATE KEY-----„, followed by „garbage“ (the base64 encoded key) and end with a line „-----END RSA PRIVATE KEY-----„. The certificate starts with „-----BEGIN CERTIFICATE-----“, then „garbage“ (the base64 encoded certificate) and ends with „-----END CERTIFICATE-----“.
Regards Alex