dartleader Tux's lil' helper
Joined: 21 Apr 2019 Posts: 119
Posted: Sat Dec 04, 2021 6:54 am Post subject: taskd server error - Error initializing TLS, malformed cred.
Hello everyone, I am having some difficulty configuring a taskd server on my local machine. I plan to eventually run it on my home server but at this point cannot even get it to work on a local host.
I have used the generate scripts in /usr/share/taskd to generate the following files for my server configuration:
Code: |
Permissions Size User Group Date Modified Name
.rw------- 2.0k taskd taskd 3 Dec 20:55 ca.cert.pem
.rw------- 11k taskd taskd 3 Dec 20:55 ca.key.pem
.rw------- 2.0k taskd taskd 3 Dec 20:55 client.cert.pem
.rw------- 11k taskd taskd 3 Dec 20:55 client.key.pem
.rw------- 2.0k taskd taskd 3 Dec 20:55 server.cert.pem
.rw------- 1.1k taskd taskd 3 Dec 20:55 server.crl.pem
.rw------- 11k taskd taskd 3 Dec 20:55 server.key.pem
|
Output of taskd config
Code: |
Configuration read from /var/lib/taskd/config
Variable Value
------------- ------------------------------
ca.cert /etc/taskd/tls/ca.cert.pem
ciphers RSA
client.cert /etc/taskd/tls/client.cert.pem
client.crl /etc/taskd/tls/client.crl.pem
client.key /etc/taskd/tls/client.key.pem
confirmation 1
extensions /usr/libexec/taskd
ip.log on
log /var/log/taskd/taskd.log
pid.file /run/taskd.pid
queue.size 10
request.limit 1048576
root /var/lib/taskd
server localhost:51020
server.cert /etc/taskd/tls/server.cert.pem
server.crl /etc/taskd/tls/server.crl.pem
server.key /etc/taskd/tls/server.key.pem
trust strict
verbose 1
|
When I run the server with this configuration, I get the following output to taskd.log:
Code: |
2021-12-04 01:17:55 ==== taskd 1.1.0 ====
2021-12-04 01:17:55 Serving from /var/lib/taskd
2021-12-04 01:17:55 Using address localhost
2021-12-04 01:17:55 Using port 51020
2021-12-04 01:17:55 Using family
2021-12-04 01:17:55 Queue size 10 requests
2021-12-04 01:17:55 Request size limit 1048576 bytes
2021-12-04 01:17:55 IP logging on
2021-12-04 01:17:55 CA /etc/taskd/tls/ca.cert.pem
2021-12-04 01:17:55 Certificate /etc/taskd/tls/server.cert.pem
2021-12-04 01:17:55 Private Key /etc/taskd/tls/server.key.pem
2021-12-04 01:17:55 CRL /etc/taskd/tls/server.crl.pem
2021-12-04 01:17:55 Server starting
2021-12-04 01:17:55 Using ciphers: RSA
2021-12-04 01:17:55 Server ready
2021-12-04 01:17:55 Error: Error initializing TLS. No or insufficient priorities were set.
|
Attempting to sync with my taskd server results in the following error:
Code: |
Taskserver credentials malformed.
|
When I comment out the ciphers=RSA line from my server config and set trust=allow all, the taskd.log is as follows:
Code: |
2021-12-04 01:23:39 ==== taskd 1.1.0 ====
2021-12-04 01:23:39 Serving from /var/lib/taskd
2021-12-04 01:23:39 Using address localhost
2021-12-04 01:23:39 Using port 51020
2021-12-04 01:23:39 Using family
2021-12-04 01:23:39 Queue size 10 requests
2021-12-04 01:23:39 Request size limit 1048576 bytes
2021-12-04 01:23:39 IP logging on
2021-12-04 01:23:39 CA /etc/taskd/tls/ca.cert.pem
2021-12-04 01:23:39 Certificate /etc/taskd/tls/server.cert.pem
2021-12-04 01:23:39 Private Key /etc/taskd/tls/server.key.pem
2021-12-04 01:23:39 CRL /etc/taskd/tls/server.crl.pem
2021-12-04 01:23:39 Server starting
2021-12-04 01:23:39 Server ready
|
With ciphers=RSA commented out and trust=allow all, connecting with netcat to port 51020 and sending a message results in the following error in my taskd.log:
Code: |
2021-12-04 01:26:49 Error: Handshake failed. An unexpected TLS packet was received.
|
There is no response from the server whatsoever to netcat when ciphers=RSA is uncommented and trust=strict (which I think makes sense, given the Error initializing TLS message).
In either case, probing port 51020 with nmap shows a closed port.
I would like to configure my taskd server so that it works correctly with TLS enabled; however, I am using taskd over a WireGuard VPN, so it is not directly internet-facing, and I would be willing to use it without the certificate verification if that is necessary to get it to work.
Thank you for your help!
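Added example, not part of the original post: a small cross-check of the TLS paths reported by `taskd config` against a long directory listing, flagging configured files that are absent and key files that are not private to the service user. The sample data is constructed from the two listings in the post; it assumes the listing shows the directory the config points at (/etc/taskd/tls), and the function names are illustrative.

```python
import posixpath

# Settings whose value is a path to TLS material (names as shown in the post).
TLS_KEYS = ("ca.cert", "client.cert", "client.crl", "client.key",
            "server.cert", "server.crl", "server.key")

# Constructed sample, abridged from the two listings in the post.
SAMPLE_CONFIG = """\
ca.cert /etc/taskd/tls/ca.cert.pem
ciphers RSA
client.cert /etc/taskd/tls/client.cert.pem
client.crl /etc/taskd/tls/client.crl.pem
client.key /etc/taskd/tls/client.key.pem
server.cert /etc/taskd/tls/server.cert.pem
server.crl /etc/taskd/tls/server.crl.pem
server.key /etc/taskd/tls/server.key.pem
"""
SAMPLE_LISTING = """\
.rw------- 2.0k taskd taskd 3 Dec 20:55 ca.cert.pem
.rw------- 11k taskd taskd 3 Dec 20:55 ca.key.pem
.rw------- 2.0k taskd taskd 3 Dec 20:55 client.cert.pem
.rw------- 11k taskd taskd 3 Dec 20:55 client.key.pem
.rw------- 2.0k taskd taskd 3 Dec 20:55 server.cert.pem
.rw------- 1.1k taskd taskd 3 Dec 20:55 server.crl.pem
.rw------- 11k taskd taskd 3 Dec 20:55 server.key.pem
"""

def parse_config(text):
    """Return {setting: path} for the TLS-related rows of `taskd config`."""
    rows = (line.split(None, 1) for line in text.splitlines())
    return {r[0]: r[1].strip() for r in rows if len(r) == 2 and r[0] in TLS_KEYS}

def parse_listing(text):
    """Return {filename: (permissions, owner)} from the long listing."""
    rows = (line.split() for line in text.splitlines())
    return {f[-1]: (f[0], f[2]) for f in rows if len(f) >= 8 and len(f[0]) == 10}

def audit(config_text, listing_text, owner="taskd"):
    """List (setting, problem) pairs; an empty list means nothing was found."""
    files, findings = parse_listing(listing_text), []
    for key, path in sorted(parse_config(config_text).items()):
        entry = files.get(posixpath.basename(path))
        if entry is None:
            findings.append((key, "missing: " + path))
        elif key.endswith(".key") and (entry[0][4:] != "------" or entry[1] != owner):
            findings.append((key, "key not private to " + owner + ": " + path))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_LISTING))
```

On the sample data the only finding is the configured `client.crl` path, which has no matching file in the listing.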