Hi list, after I set up TLS successfully, I tried to get data encryption running.
I started with the official documentation: http://www.bacula.org/en/dev-manual/main/main/Data_Encryption.html ldd `which bacula-fd` shows: ... libssl.so.0.9.8 => /lib/libssl.so.0.9.8 (0x00673000) libcrypto.so.0.9.8 => /lib/libcrypto.so.0.9.8 (0x00c6f000) ... So, I made the master.cert and the pem file for the client (on the bacula server) and set the following in the FileDaemon stanza of the bacula-fd.conf: PKI Signatures = Yes # Enable Data Signing PKI Encryption = Yes # Enable Data Encryption PKI Keypair = "/etc/bacula/certs/PKI/my-fd.pem" # Public and Private Keys PKI Master Key = "/etc/bacula/certs/PKI/master.cert" # ONLY the Public Key Starting the bacula-fd gives me: * Starting Bacula File daemon... 16-Nov 17:49 my-fd JobId 0: Error: crypto.c:462 Provided certificate does not include the required subjectKeyIdentifier extension.16-Nov 17:49 my-fd: Fatal Error at filed.c:415 because: Failed to load public certificate for File daemon "my-fd" in /etc/bacula/bacula-fd.conf. 16-Nov 17:49 d830-fd: ERROR in filed.c:221 Bitte die Konfigurationsdatei korrigieren: /etc/bacula/bacula-fd.conf *** glibc detected *** /usr/sbin/bacula-fd: double free or corruption (fasttop): 0x0908d1b8 *** Then there follows a backtrace which ends with Kaboom! Neither there was anything useful (in terms of setting a subjectKeyIdentifier extension) to be found, nor a better bacula-PKI-howto. Could someone give me a hint? Thanks and greetings, Oliver ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Bacula-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-users
