...
Certificate/key pairs cannot be imported in the server any more, and the certificate check tool output looks like this:
Code Block | ||||
---|---|---|---|---|
| ||||
== Setup ======================================================================= ==== setting up work directory... ok ==== setting up environment... ok ==== starting server.../tmp/certificates_check_o2g5S6 /data/bin /data/bin ok ==== waiting for server to be up.... ok == Test 1: connection and certificate validation =============================== getaddrinfo: Name or service not known Using default temp DH parameters ACCEPT 0 items in the session cache 0 client connects (SSL_connect()) 0 client renegotiates (SSL_connect()) 0 client connects that finished 0 server accepts (SSL_accept()) 0 server renegotiates (SSL_accept()) 0 server accepts that finished 0 session cache hits 0 session cache misses 0 session cache timeouts 0 callback cache hits 0 cache full overflows (128 allowed) socket: Connection refused connect:errno=22 openssl s_client exited with code 1 ==== Test 1 FAILED == Test 2: data transfer ======================================================= curl: (7) couldn't connect to host curl exited with code 7 cmp: EOF on /tmp/certificates_check_o2g5S6/test_1.out ==== Test 2 FAILED == Cleanup ===================================================================== ==== stopping server... ok data transfer error ==== stopping background jobs... ok ==== removing work directory... ok |
...
An OpenSSL function used to check for certificate validity erroneously requires IPv6 to be enabled on the loopback interface. Check whether IPv6 is enabled by running the ip addr ls command; if IPv6 is enabled, the output will look like this:
Code Block | ||
---|---|---|
| ||
1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever ... |
On the other hand, if IPv6 is disabled, the output of ip addr ls will look like this:
Code Block | ||
---|---|---|
| ||
1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo ... |
...
Re-enable IPv6 on the server and reboot it.
Resolution
...
None yet.