DO NOT REPLY [Bug 1890] TLS for rsync protocol
samba-bugs at samba.org
Sun Aug 6 07:39:47 GMT 2006
https://bugzilla.samba.org/show_bug.cgi?id=1890
marineam at osuosl.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |marineam at osuosl.org
------- Comment #2 from marineam at osuosl.org 2006-08-06 02:39 MST -------
(In reply to comment #1)
> There is a diff in the patches directory named openssl-support.diff that
> contains an implementation of optional ssl support for an rsync daemon. The
> version of this patch that was released with 2.6.3 has a few problems, so if you
> want to try it out, grab the latest version of the patch from CVS:
>
> http://rsync.samba.org/ftp/unpacked/rsync/patches/openssl-support.diff
>
> I have never gotten the patch to work, however -- it always fails with an "ssl
> handshake failure". This might be because I don't know the proper way to
> configure the key/certificate options. Or, it might mean that a bug crept into
> the code.
The current version of the patch listed above does not run init_tls() in daemon
mode. This will of course cause start_tls() to fail very quickly, which gives the
above error message. Not sure if that was the problem back in 2004, but with a
little tweaking to call init_tls() along with a couple of minor things this works
for me.
My current version of the patch, based on release 2.6.8 is available here:
http://staff.osuosl.org/~marineam/files/rsync/rsync-openssl-1.diff
I have not extensively tested things yet, but doing the following gets me a
directory listing over the encrypted connection: (using the testing cert/key
shipped with stunnel to avoid generating one)

    rsync --daemon --config ./rsyncd.conf \
        --ssl-cert ./stunnel.crt --ssl-key ./stunnel-key
    rsync --ssl localhost::something/

If anyone has any comments on how to improve the patch let me know, I have not
dug into it any further than the minimum required to make it work.