Gentoo Forums
taskd server error - Error initializing TLS, malformed cred.
dartleader

Posted: Sat Dec 04, 2021 6:54 am    Post subject: taskd server error - Error initializing TLS, malformed cred.

Hello everyone, I am having some difficulty configuring a taskd server on my local machine. I plan to eventually run it on my home server but at this point cannot even get it to work on a local host.

I have used the generate scripts in /usr/share/taskd to generate the following files for my server configuration:

Code:

Permissions Size User  Group Date Modified Name
.rw-------  2.0k taskd taskd  3 Dec 20:55  ca.cert.pem
.rw-------   11k taskd taskd  3 Dec 20:55  ca.key.pem
.rw-------  2.0k taskd taskd  3 Dec 20:55  client.cert.pem
.rw-------   11k taskd taskd  3 Dec 20:55  client.key.pem
.rw-------  2.0k taskd taskd  3 Dec 20:55  server.cert.pem
.rw-------  1.1k taskd taskd  3 Dec 20:55  server.crl.pem
.rw-------   11k taskd taskd  3 Dec 20:55  server.key.pem


Output of taskd config
Code:

Configuration read from /var/lib/taskd/config

Variable       Value                         
-------------  ------------------------------
ca.cert        /etc/taskd/tls/ca.cert.pem   
ciphers        RSA                           
client.cert    /etc/taskd/tls/client.cert.pem
client.crl     /etc/taskd/tls/client.crl.pem
client.key     /etc/taskd/tls/client.key.pem
confirmation   1                             
extensions     /usr/libexec/taskd           
ip.log         on                           
log            /var/log/taskd/taskd.log     
pid.file       /run/taskd.pid               
queue.size     10                           
request.limit  1048576                       
root           /var/lib/taskd               
server         localhost:51020               
server.cert    /etc/taskd/tls/server.cert.pem
server.crl     /etc/taskd/tls/server.crl.pem
server.key     /etc/taskd/tls/server.key.pem
trust          strict                       
verbose        1                             


When I run the server with this configuration, I get the following output to taskd.log:
Code:

2021-12-04 01:17:55 ==== taskd 1.1.0  ====
2021-12-04 01:17:55 Serving from /var/lib/taskd
2021-12-04 01:17:55 Using address localhost
2021-12-04 01:17:55 Using port 51020
2021-12-04 01:17:55 Using family
2021-12-04 01:17:55 Queue size 10 requests
2021-12-04 01:17:55 Request size limit 1048576 bytes
2021-12-04 01:17:55 IP logging on
2021-12-04 01:17:55 CA          /etc/taskd/tls/ca.cert.pem
2021-12-04 01:17:55 Certificate /etc/taskd/tls/server.cert.pem
2021-12-04 01:17:55 Private Key /etc/taskd/tls/server.key.pem
2021-12-04 01:17:55 CRL         /etc/taskd/tls/server.crl.pem
2021-12-04 01:17:55 Server starting
2021-12-04 01:17:55 Using ciphers: RSA
2021-12-04 01:17:55 Server ready
2021-12-04 01:17:55 Error: Error initializing TLS. No or insufficient priorities were set.


Attempting to sync with my taskd server results in the following error:
Code:

Taskserver credentials malformed.


When I comment out the ciphers=RSA line from my server config and set trust=allow all, the taskd.log is as follows:

Code:

2021-12-04 01:23:39 ==== taskd 1.1.0  ====
2021-12-04 01:23:39 Serving from /var/lib/taskd
2021-12-04 01:23:39 Using address localhost
2021-12-04 01:23:39 Using port 51020
2021-12-04 01:23:39 Using family
2021-12-04 01:23:39 Queue size 10 requests
2021-12-04 01:23:39 Request size limit 1048576 bytes
2021-12-04 01:23:39 IP logging on
2021-12-04 01:23:39 CA          /etc/taskd/tls/ca.cert.pem
2021-12-04 01:23:39 Certificate /etc/taskd/tls/server.cert.pem
2021-12-04 01:23:39 Private Key /etc/taskd/tls/server.key.pem
2021-12-04 01:23:39 CRL         /etc/taskd/tls/server.crl.pem
2021-12-04 01:23:39 Server starting
2021-12-04 01:23:39 Server ready


With ciphers=RSA commented out and trust=allow all, connecting with netcat to port 51020 and sending a message results in the following error in my taskd.log:
Code:

2021-12-04 01:26:49 Error: Handshake failed. An unexpected TLS packet was received.

There is no response from the server whatsoever to netcat when ciphers=RSA is uncommented and trust=strict (which I think makes sense, given the Error initializing TLS message).

In either case, probing port 51020 with nmap shows a closed port.

I would like to configure my taskd server so that it works correctly with TLS enabled; however, I am using taskd over a WireGuard VPN so it is not directly internet-facing, and I would be willing to use it without the certificate verification if that is necessary to get it to work.

Thank you for your help!
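A preflight check over the configuration shown in the post above, as an added example that is not part of the original post or of taskd. It cross-checks the TLS paths in the `taskd config` output against the file listing and looks at the `ciphers` value. It assumes that the listing is of /etc/taskd/tls and that taskd hands `ciphers` to GnuTLS as a priority string; the keyword set is taken from the GnuTLS priority-string syntax and may differ between GnuTLS versions.

```python
import re

# Constructed sample: TLS-related rows copied from the `taskd config` output in the post.
TASKD_CONFIG = """\
ca.cert        /etc/taskd/tls/ca.cert.pem
ciphers        RSA
client.cert    /etc/taskd/tls/client.cert.pem
client.crl     /etc/taskd/tls/client.crl.pem
client.key     /etc/taskd/tls/client.key.pem
server.cert    /etc/taskd/tls/server.cert.pem
server.crl     /etc/taskd/tls/server.crl.pem
server.key     /etc/taskd/tls/server.key.pem
"""

# File names from the post's directory listing. Assumption: that listing is of
# /etc/taskd/tls (the post does not name the directory).
LISTED = {"ca.cert.pem", "ca.key.pem", "client.cert.pem", "client.key.pem",
          "server.cert.pem", "server.crl.pem", "server.key.pem"}

# Initial keywords of a GnuTLS priority string (may vary by GnuTLS version).
PRIORITY_KEYWORDS = {"PERFORMANCE", "NORMAL", "LEGACY", "PFS", "NONE",
                     "SECURE128", "SECURE192", "SECURE256",
                     "SUITEB128", "SUITEB192"}

def parse_config(text):
    """Return {variable: value} for each 'name  value' row."""
    rows = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            rows[parts[0]] = parts[1].strip()
    return rows

def preflight(config_text, present):
    """List configured TLS files that are absent and a suspect ciphers value."""
    cfg = parse_config(config_text)
    findings = []
    for key in sorted(cfg):
        if re.fullmatch(r"(ca|client|server)\.(cert|key|crl)", key):
            if cfg[key].rsplit("/", 1)[-1] not in present:
                findings.append(f"{key}: {cfg[key]} is not in the listing")
    # Assumption: taskd passes `ciphers` to GnuTLS as a priority string.
    first = cfg.get("ciphers", "").split(":", 1)[0]
    if first and first not in PRIORITY_KEYWORDS and not first.startswith("@"):
        findings.append(f"ciphers: {first!r} is not a priority keyword")
    return findings

if __name__ == "__main__":
    for finding in preflight(TASKD_CONFIG, LISTED):
        print(finding)
```

The findings are items to check, not a confirmed diagnosis of the errors in the post.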