[SOLVED] ssl with root only

[splususer]

I know that running sabnzbd on embedded device is not supported but I try anyway. I am trying to run sabnzbd in WD TV HD media player. If I run sabnzd under root with SSL enabled , it's OK . But I want to run it under normal user acct sabuser I got

Code: Select all

2009-07-01 13:46:47,963::ERROR::[downloader] Failed to initialize [email protected]:443
2009-07-01 13:46:47,982::WARNING::[downloader] Thread [email protected]:443: failed to initialize

there isn't anything helpful in log file. run sanbzd under sabuser without SSL is OK too. Is there anything I should check ?

TIA

[shypike]

On Linux systems the lower port numbers require root privileges.
You should use a higher port number.
So 80 is off-limits for a user account, but apparently 443 is not.
(I'm not sure at which port the separation is.)

[splususer]

I wasn't clear in my first post . I can connect with port 119 under normal user but not SSL ports 443 or 563.

[shypike]

I mistook your complaint as a problem with SABnzbd webserver.
(Should have known, since 0.4.x does not support a https web-server).

Are you sure your system has OpenSSL and PyOpenSSL correctly installed?
We rely on that for SSL communication.
The port permissions that I mentioned do not apply for communicating with the Usenet servers.

[switch]

When you run SABnzbd as your desired user, does it says SSL is disabled on the config>servers page. Check your startup logging to see if it sees pyOpenSSL like it does when you run it as root.

[splususer]

When you run SABnzbd as your desired user, does it says SSL is disabled on the config>servers page.

no, there is SSL box that I can check.

Check your startup logging to see if it sees pyOpenSSL like it does when you run it as root.

same as root .

Code: Select all

2009-07-06 10:07:17,578::INFO::All processes started
2009-07-06 10:07:17,633::INFO::_yenc module... found!
2009-07-06 10:07:17,646::INFO::celementtree module... found!
2009-07-06 10:07:17,659::INFO::par2 binary... found (/opt/bin/par2)
2009-07-06 10:07:17,672::INFO::unrar binary... found (/opt/bin/unrar)
2009-07-06 10:07:17,686::INFO::unzip binary... found (/bin/unzip)
2009-07-06 10:07:17,704::INFO::nice binary... found (/bin/nice)
2009-07-06 10:07:17,717::INFO::ionice binary... NOT found!
2009-07-06 10:07:17,731::INFO::pyOpenSSL... found (True)
2009-07-06 10:07:17,786::INFO::Web dir is /opt/share/SABnzbd/interfaces/Default
2009-07-06 10:07:18,342::INFO::Starting SABnzbd.py-0.4.11
2009-07-06 10:07:18,382::INFO::Starting web-interface on :8080
2009-07-06 10:07:18,371::INFO::[nzbqueue] Saving queue

Is there a python script that I can test SSL connection ? I saw /opt/lib/python2.5/site-packages/OpenSSL/test/test_ssl.py but I am not sure if it the one or how to use it.

TIA

[splususer]

problem is not from sabnzbd but I don't know python so I ask here if any developer can give me a hint .
I found a script to test.

Code: Select all

#!/opt/bin/python2.5 -OO
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('ssl.example.com', 443))
sslSocket = socket.ssl(s)
print repr(sslSocket.server())
print repr(sslSocket.issuer())
sslSocket.write('Hello secure socket\n')
s.close()

run as root it prints out the cert but run as normal user give me a traceback.

Code: Select all

Traceback (most recent call last):
  File "./test.py", line 6, in <module>
    sslSocket = socket.ssl(s)
  File "/opt/lib/python2.5/socket.py", line 79, in ssl
    return _realssl(sock, keyfile, certfile)
socket.sslerror: (8, 'EOF occurred in violation of protocol')

TIA

[splususer]

there is permission problem with /dev/random (default setup with wdlxtv firmware). normal user doesn't have read permission .

[splususer]

(note to myself)
and /dev/null without read permission will not let sabnzbd run as daemon.

[switch]

Glad you got the issue sorted out.