Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unable to encrypt connection: Unable to create server credentials. #529

Closed
Firgen opened this issue Nov 12, 2022 · 4 comments
Closed

unable to encrypt connection: Unable to create server credentials. #529

Firgen opened this issue Nov 12, 2022 · 4 comments
Assignees
@michaelrsweet
Labels
bug Something isn't working platform issue Issue is specific to an OS or desktop priority-high
Milestone
v2.4.x

Comments

@Firgen
Copy link

Firgen commented Nov 12, 2022
edited
Loading

When I try to print over the network, for example from an android device, I get an error and /var/log/cups/error_log has this: unable to encrypt connection: Unable to create server credentials.

It has probably something to do with the reintroduction of LibreSSL/OpenSSL in 2.4.2 because 2.4.1 works.
@sevens
Copy link

sevens commented Nov 15, 2022

Same issue when trying to open the web-interface over HTTPS; using plain old HTTP works fine. Downgrading to 2.3.3 (don't have 2.4.1 easily available) fixed it.

OS: Slackware64-15.0

@CameronNemo CameronNemo mentioned this issue Jan 16, 2023
Merged
@oynqr
Copy link

oynqr commented Jan 17, 2023
edited
Loading

This happens because the default server keychain path is always set to the MacOS one when building with OpenSSL. The following patch fixes this, but a proper fix would probably be a bit more involved.

--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -605,11 +605,11 @@ cupsdReadConfiguration(void)
   ClassifyOverride  = 0;
 
 #ifdef HAVE_TLS
-#  ifdef HAVE_GNUTLS
+#  if defined HAVE_GNUTLS || defined HAVE_OPENSSL
   cupsdSetString(&ServerKeychain, "ssl");
 #  else
   cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
-#  endif /* HAVE_GNUTLS */
+#  endif /* HAVE_GNUTLS || HAVE_OPENSSL */
 
   _httpTLSSetOptions(_HTTP_TLS_NONE, _HTTP_TLS_1_0, _HTTP_TLS_MAX);
 #endif /* HAVE_TLS */

@michaelrsweet michaelrsweet self-assigned this Jan 17, 2023
@michaelrsweet michaelrsweet added bug Something isn't working priority-high platform issue Issue is specific to an OS or desktop labels Jan 17, 2023
@michaelrsweet michaelrsweet added this to the v2.4.x milestone Jan 17, 2023
@michaelrsweet
Copy link
Member

That's actually a reasonable fix.

michaelrsweet added a commit that referenced this issue Jan 17, 2023
@michaelrsweet
Fix default cupsd keychain with OpenSSL (Issue #529)
8bec88a
@michaelrsweet
Copy link
Member

[master 8bec88a] Fix default cupsd keychain with OpenSSL (Issue #529)

@michaelrsweet michaelrsweet mentioned this issue Jan 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelrsweet michaelrsweet

Labels
bug Something isn't working platform issue Issue is specific to an OS or desktop priority-high
Projects
None yet
Milestone
v2.4.x
Development

No branches or pull requests
4 participants
@michaelrsweet @sevens @Firgen @oynqr