https://bugzilla.samba.org/show_bug.cgi?id=1890
marineam@osuosl.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |marineam@osuosl.org
------- Comment #2 from marineam@osuosl.org 2006-08-06 02:39 MST -------
(In reply to comment #1)
> There is a diff in the patches directory named openssl-support.diff that
> contains an implementation of optional ssl support for an rsync daemon. The
> version of this patch that was released with 2.6.3 has a few problems, so if you
> want to try it out, grab the latest version of the patch from CVS:
>
> http://rsync.samba.org/ftp/unpacked/rsync/patches/openssl-support.diff
>
> I have never gotten the patch to work, however -- it always fails with an "ssl
> handshake failure". This might be because I don't know the proper way to
> configure the key/certificate options. Or, it might mean that a bug crept into
> the code.
The current version of the patch listed above does not run init_tls() in daemon
mode. This will of course cause start_tls() to fail very quickly, which gives the
above error message. Not sure if that was the problem back in 2004, but with a
little tweaking to call init_tls() along with a couple minor things this works
for me.
My current version of the patch, based on release 2.6.8 is available here:
http://staff.osuosl.org/~marineam/files/rsync/rsync-openssl-1.diff
I have not extensively tested things yet, but doing the following gets me a
directory listing over the encrypted connection: (using the testing cert/key
shipped with stunnel to avoid generating one)
rsync --daemon --config ./rsyncd.conf \
--ssl-cert ./stunnel.crt --ssl-key ./stunnel-key
rsync --ssl localhost::something/
If anyone has any comments on how to improve the patch let me know, I have not
dug into it any further than the minimum required to make it work.