View previous topic :: View next topic |
Author |
Message |
Chr0nos Apprentice
Joined: 26 Feb 2010 Posts: 205
|
Posted: Sun Aug 15, 2010 7:04 pm Post subject: [murmur] No SSL ciphers of at least 128 bit found (Resolu) |
|
|
Bonjours,
j'ai un souci avec murmur (le serveur mumble) : impossible de m'y connecter depuis un client mumble: echec de la connection
du coup j'ai tenté de le relancer mais voila ce qui en a résulté:
Quote: |
BlackPearl downloads # /etc/init.d/murmur restart
* Caching service dependencies ... [ ok ]
* Stopping Murmur ...
* start-stop-daemon: fopen `/var/run/murmur/murmur.pid': No such file or directory [ ok ]
* Starting Murmur ...
<W>2010-08-15 20:58:29.469 Initializing settings from /etc/murmur/murmur.ini (basepath /etc/murmur)
<F>2010-08-15 20:58:29.491 No SSL ciphers of at least 128 bit found
|
j'ai tenté de re-merge murmur mais rien n'a changé
le fichier /etc/murmur/murmur.ini
Quote: | BlackPearl downloads # cat /etc/murmur/murmur.ini
# Path to database. If blank, will search for
# murmur.sqlite in default locations or create it if not found.
database=/var/lib/murmur/murmur.sqlite
# If you wish to use something other than SQLite, you'll need to set the name
# of the database above, and also uncomment the below.
# Sticking with SQLite is strongly recommended, as it's the most well tested
# and by far the fastest solution.
#
#dbDriver=QMYSQL
#dbUsername=
#dbPassword=
#dbHost=
#dbPort=
#dbPrefix=murmur_
#dbOpts=
# Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the
# RPC methods available in murmur, please specify so here.
#
dbus=system
# Alternate service name. Only use if you are running distinct
# murmurd processes connected to the same D-Bus daemon.
#dbusservice=net.sourceforge.mumble.murmur
# If you want to use ZeroC Ice to communicate with Murmur, you need
# to specify the endpoint to use. Since there is no authentication
# with ICE, you should only use it if you trust all the users who have
# shell access to your machine.
# Please see the ICE documentation on how to specify endpoints.
ice="tcp -h 127.0.0.1 -p 6502"
# Ice primarily uses local sockets. This means anyone who has a
# user account on your machine can connect to the Ice services.
# You can set a plaintext "secret" on the Ice conntection, and
# any script attempting to access must then have this secret.
#icesecret=
# How many login attempts do we tolerate from one IP
# inside a given timeframe before we ban the connection?
# Note that this is global (shared between all virtual servers), and that
# it counts both successfull and unsuccessfull connection attempts.
# Set either Attempts or Timeframe to 0 to disable.
#autobanAttempts = 10
#autobanTimeframe = 120
#autobanTime = 300
# Murmur default to logging to murmur.log. If you leave this blank,
# murmur will log to the console (linux) or through message boxes (win32).
logfile=/var/log/murmur/murmur.log
# If set, murmur will write its process ID to this file.
pidfile=/var/run/murmur/murmur.pid
# The below will be used as defaults for new configured servers.
# If you're just running one server (the default), it's easier to
# configure it here than through D-Bus or Ice.
#
# Welcome message sent to clients when they connect
welcometext="<br />Welcome to this server running <b>Murmur</b>.<br />Enjoy your stay!<br />"
# Port to bind TCP and UDP sockets to
port=64738
# Specific IP or hostname to bind to.
# If this is left blank (default), murmur will bind to all available addresses.
#host=
# Password to join server
serverpassword=mon mdp
# Maximum bandwidth (in bits per second) clients are allowed
# to send speech at.
bandwidth=72000
# Maximum number of concurrent clients allowed.
users=100
# Regular expression used to validate channel names
# (note that you have to escape backslashes with \ )
#channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+
# Regular expression used to validate user names
# (note that you have to escape backslashes with \ )
#username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+
# Maximum length of text messages in characters. 0 for no limit.
#textmessagelength=5000
# Maximum length of text messages in characters, with image data. 0 for no limit.
#imagemessagelength=131072
# Allow clients to use HTML in messages, user comments and channel descriptions?
#allowhtml=true
# Murmur retains the per-server log entries in an internal database which
# allows it to be accessed over D-Bus/ICE.
# How many days should such entries be kept?
#logdays=31
# To enable public server registration, the serverpassword must be blank, and
# this must all be filled out.
# The password here is used to create a registry for the server name; subsequent
# updates will need the same password. Don't lose your password.
# The URL is your own website, and only set the registerHostname for static IP
# addresses.
#
#registerName=Mumble Server
#registerPassword=secret
#registerUrl=http://mumble.sourceforge.net/
#registerHostname=
# To enable bonjour service discovery uncomment the following line.
# To change the name announced by bonjour adjust the registerName variable.
# See http://developer.apple.com/networking/bonjour/index.html for more information
# about bonjour.
#bonjour=True
# If you have a proper SSL certificate, you can provide the filenames here.
#sslCert=
#sslKey=
# If murmur is started as root, which user should it switch to?
# This option is ignored if murmur isn't started with root privileges.
uname=murmur
# If this options is enabled, only clients which have a certificate are allowed
# to connect.
#certrequired=False
# You can configure any of the configuration options for Ice here. We recommend
# leave the defaults as they are.
# Please note that this section has to be last in the configuration file.
#
[Ice]
Ice.Warn.UnknownProperties=1
Ice.MessageSizeMax=65536 |
Last edited by Chr0nos on Tue Aug 17, 2010 8:43 am; edited 1 time in total |
|
Back to top |
|
|
El_Goretto Moderator
Joined: 29 May 2004 Posts: 3169 Location: Paris
|
Posted: Sun Aug 15, 2010 10:22 pm Post subject: |
|
|
Tu as bien une version de client à peu près identique à celle du serveur? (1.2.x)?
Tu as bien un certificat et une clé SSL visible dans les paramètres de ton instance murmur en question (visible à travers ICE ou DBUS)?
Tu as aussi généré ce qui va bien côté client (certif' auto signé)? _________________ -TrueNAS & jails: µ-serv Gen8 E3-1260L, 16Go ECC + µ-serv N40L, 10Go ECC
-Réseau: APU2C4 (OpenWRT) + GS726Tv3 + 2x GS108Tv2 + Archer C5v1 (OpenWRT) |
|
Back to top |
|
|
Chr0nos Apprentice
Joined: 26 Feb 2010 Posts: 205
|
Posted: Sun Aug 15, 2010 11:05 pm Post subject: |
|
|
1) oui j'ai la derniere version du client
2) le certificat a pas changé depuis avant que ca marchais (mais je suppose qu'une maj a du coincer de ce coté ci du coup) (comment on fais pour voir si c visible a traver de dbus ? (connais pas ice))
3) oui pour le certif auto-signé j'ai meme tenté l'authentification par certif: rien n'y fait |
|
Back to top |
|
|
El_Goretto Moderator
Joined: 29 May 2004 Posts: 3169 Location: Paris
|
Posted: Mon Aug 16, 2010 9:34 am Post subject: |
|
|
Chr0nos wrote: | 1) oui j'ai la derniere version du client |
Bon, alors tu n'est pas dans le même cas que moi avant que je ne passe murmur de 1.1.8 en 1.2.2 (j'avais aussi une cagade avant la mise à jour)
Chr0nos wrote: | 2) le certificat a pas changé depuis avant que ca marchais (mais je suppose qu'une maj a du coincer de ce coté ci du coup) (comment on fais pour voir si c visible a traver de dbus ? (connais pas ice)) |
Perso j'ai laché mes vains efforts pour rester en CLI et j'ai installé une interface web (django-mumble). Je prévois d'essayer MumPI sous peu aussi. Elles te permettent de gérer les multiples instances possibles de murmur ("virtual servers") sur une même machine. Du coup, moi aussi je m'étais trompé en pensant que tout se faisait dans murmur.ini (comme la bande passante par client), alors que non, il ne s'agit que de valeurs par défaut à la création initiale des instances, tout doit être paramétré sur l'instance elle même via ICE ou DBUS.
En 1.1.x, j'utilisais dbus, car installer ICE sur gentoo était une véritable plaie. Depuis, ICE a connu pas mal de MAJ, et les ebuild gentoo se sont bonifiée. "Ca marche". Il faut savoir que le projet mumble a déprécié le support DBUS au profit ded ICE.
Chr0nos wrote: | 3) oui pour le certif auto-signé j'ai meme tenté l'authentification par certif: rien n'y fait |
Pas d'authentification basée sur les certificats non plus sur mes 2 machines.
Par hasard, fait un coup de revdep-rebuild, des fois que ce soit une dépendance cassée (au hasard openssl qu'on retrouve vite).
Code: | # equery g murmur-1.2.2 --depth=1
[ Searching for packages matching murmur-1.2.2... ]
* dependency graph for media-sound/murmur-1.2.2
`-- media-sound/murmur-1.2.2
`-- dev-libs/openssl-0.9.8o
`-- dev-libs/protobuf-2.3.0-r1
`-- sys-libs/libcap-2.17
`-- x11-libs/qt-core-4.6.2-r1
`-- x11-libs/qt-sql-4.6.2
`-- x11-libs/qt-xmlpatterns-4.6.2
`-- x11-libs/qt-dbus-4.6.2 [ dbus ]
`-- dev-libs/Ice-3.4.1 [ ice ]
`-- net-dns/avahi-0.6.25-r1 [ zeroconf ]
`-- net-misc/mDNSResponder-212.1 [ zeroconf ]
`-- dev-libs/boost-1.41.0-r3
`-- dev-util/pkgconfig-0.25-r2
[ media-sound/murmur-1.2.2 stats: packages (13), max depth (1) ]
|
Perso, mon upgrade récent de murmur en 1.2.2 s'est fait suite à un upgrade général et propre du reste du système.
--
edit:
ceci dit, pour django-mumble, DBUS est encore la solution la plus fiable (aucun problème avec), alors que j'ai toujours quelques merdouilles avec ICE. _________________ -TrueNAS & jails: µ-serv Gen8 E3-1260L, 16Go ECC + µ-serv N40L, 10Go ECC
-Réseau: APU2C4 (OpenWRT) + GS726Tv3 + 2x GS108Tv2 + Archer C5v1 (OpenWRT) |
|
Back to top |
|
|
Chr0nos Apprentice
Joined: 26 Feb 2010 Posts: 205
|
Posted: Mon Aug 16, 2010 5:33 pm Post subject: |
|
|
je viens de tenter derecompiller openssl -> aucun changement |
|
Back to top |
|
|
boozo Advocate
Joined: 01 Jul 2004 Posts: 3193
|
|
Back to top |
|
|
Chr0nos Apprentice
Joined: 26 Feb 2010 Posts: 205
|
Posted: Tue Aug 17, 2010 8:02 am Post subject: |
|
|
ah merci ca a marché ! \o/ |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|