[Gluster-devel] gluster SSL support
Jeffrey Darcy
jdarcy at redhat.com
Fri Jan 24 04:30:54 UTC 2014
> I am trying to enable SSL support for gluster (i have read this post:
> http://nongnu.13855.n7.nabble.com/Glusterfs-SSL-capability-td168156.html
> too, and get through sources) but i am lost with the settings. I have
> enabled both options on the volume:
>
> volume set gv0 client.ssl on
> volume set gv0 server.ssl on
>
> also i have put all the certs in /etc/ssl/ (i have generated my own CA +
> client certificates for both servers mx1 and mx2) - all seems correct but i
> still getting:
>
> [2014-01-23 14:23:46.332041] E [socket.c:2258:socket_poller] 0-gv0-client-1:
> client setup failed
> [2014-01-23 14:23:46.732281] E [socket.c:304:ssl_setup_connection]
> 0-gv0-client-0: SSL connect error
> [2014-01-23 14:23:46.732319] E [socket.c:174:ssl_dump_error_stack]
> 0-gv0-client-0: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> i really tried all possible cert configurations and i think i am hitting wall
> here. Any tips?
Are you sure that you have all three files - cert, key, CA - installed on both
servers *and clients*? It's not clear from what you've described whether the
client that's failing is one of the servers or a separate machine. In all
cases, the servers' certs need to be in the clients' CA file, and vice versa.
You could also try looking at tests/bugs/bug-873367.t in any GlusterFS source
tree, which might shed some light on how these files are generated in testing.
More information about the Gluster-devel
mailing list