Welcome! Log In Create A New Profile

Advanced

Re: nginx + ssl

Igor Sysoev
December 09, 2009 04:28AM
On Tue, Dec 08, 2009 at 03:52:45PM -0500, mikhail123 wrote:

> Обновил порты, пересобрал nginx.
>
> Такая ошибка:
>
> : nginx was built with SNI support, however, now it is linked dynamically to an OpenSSL library which has no tlsext support, therefore SNI is not available
> : SSL_CTX_use_certificate_chain_file("/usr/local/etc/nginx/ssl/server.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)

Я правильно понимаю, что это две ошибки, а не одна ?

Похоже, сам OpenSSL не умеет говорить про tlsext. Попробуем так:
strings /usr/lib/libssl.so | grep SSL_get_servername
strings /usr/local/lib/libssl.so | grep SSL_get_servername

> конфиг:
> ssl on;
> ssl_certificate /usr/local/etc/nginx/ssl/server.pem;
> ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;
>
> ssl_session_timeout 5m;
>
> ssl_protocols SSLv2 SSLv3 TLSv1;
> ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
> ssl_prefer_server_ciphers on;
>
>
>
> nginx version: nginx/0.8.29
>
> OS: FreeBSD ... 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 08:49:13 UTC 2009

Что показвыает
ls -l /usr/local/etc/nginx/ssl/server.pem


--
Игорь Сысоев
http://sysoev.ru

_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://nginx.org/mailman/listinfo/nginx-ru
Subject Author Posted

nginx + ssl

mikhail123 December 08, 2009 03:52PM

Re: nginx + ssl

Igor Sysoev December 09, 2009 04:28AM

Re: nginx + ssl

mikhail123 December 09, 2009 07:04AM

Re: nginx + ssl

mikhail123 December 10, 2009 10:05AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 61
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready