Nginx-ru mailing list archive (nginx-ru@sysoev.ru)


Re: nginx + ssl



On Tue, Dec 08, 2009 at 03:52:45PM -0500, mikhail123 wrote:

> Updated the ports, rebuilt nginx.
> 
> This is the error:
> 
> : nginx was built with SNI support, however, now it is linked dynamically to 
> an OpenSSL library which has no tlsext support, therefore SNI is not available
> : SSL_CTX_use_certificate_chain_file("/usr/local/etc/nginx/ssl/server.pem") 
> failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line 
> error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)

Do I understand correctly that these are two errors, not one?

It looks like OpenSSL itself cannot say anything about tlsext. Let's try this:
strings /usr/lib/libssl.so | grep SSL_get_servername
strings /usr/local/lib/libssl.so | grep SSL_get_servername

> config:
>         ssl                  on;
>         ssl_certificate      /usr/local/etc/nginx/ssl/server.pem;
>         ssl_certificate_key  /usr/local/etc/nginx/ssl/server.key;
> 
>         ssl_session_timeout  5m;
> 
>         ssl_protocols  SSLv2 SSLv3 TLSv1;
>         ssl_ciphers  
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>         ssl_prefer_server_ciphers   on;
> 
> 
> 
> nginx version: nginx/0.8.29
> 
> OS: FreeBSD ... 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May  1 08:49:13 UTC 
> 2009

What does the following show:
ls -l /usr/local/etc/nginx/ssl/server.pem


-- 
Игорь Сысоев
http://sysoev.ru

_______________________________________________
nginx-ru mailing list
nginx-ru@xxxxxxxxx
http://nginx.org/mailman/listinfo/nginx-ru
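
The two checks the reply asks for, as an added example that is not part of the original message or of nginx: `pem_diagnose` (a hypothetical helper) classifies why a certificate file would produce `PEM_read_bio:no start line`, and `lib_exports_sni` (also hypothetical) wraps the `strings | grep` test from the message.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# "no start line" means the PEM reader found no line beginning with
# "-----BEGIN CERTIFICATE-----". Report which kind of file causes that.
pem_diagnose() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
    elif [ ! -s "$f" ]; then
        echo empty                      # zero bytes: nothing to parse
    elif grep -q -e '^-----BEGIN CERTIFICATE-----' "$f"; then
        echo ok
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
        echo begin-not-at-line-start    # a BOM or other text precedes the marker
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo key-only                   # key file used where the certificate belongs
    else
        echo no-start-line              # DER-encoded or otherwise not PEM
    fi
}

# Same test as the strings | grep commands in the message: does this
# libssl contain the SSL_get_servername symbol that SNI support needs?
lib_exports_sni() {
    strings "$1" | grep -q SSL_get_servername
}

# Usage: sh check.sh /path/to/server.pem [/path/to/libssl.so]
if [ $# -ge 1 ]; then
    echo "certificate: $(pem_diagnose "$1")"
    if [ $# -ge 2 ]; then
        if lib_exports_sni "$2"; then
            echo "libssl: SSL_get_servername present"
        else
            echo "libssl: SSL_get_servername absent"
        fi
    fi
fi
```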


 




Copyright © Lexa Software, 1996-2009.