Socket name is not in sync with the rest of the code
ocserv 1.3.0 running on FreeBSD 14.3-STABLE.
Relevant excerpt from ocserv.conf:
log-level = 9
chroot-dir = /var/run/ocserv
socket-file = socket
Restarting the ocserv service:
# service ocserv status ; service ocserv restart ; sleep 1 ; service ocserv status
ocserv is running as pid 9068 9070 9071 9072 9073.
Stopping ocserv.
Waiting for PIDS: 9068 9070 9071 9072 9073.
Starting ocserv.
note: vhost:default: setting 'certificate' as primary authentication method
TLS[<3>]: ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:107
TLS[<3>]: ASSERT: x509.c[get_alt_name]:2019
error connecting to sec-mod socket 'socket.27f81545': No such file or directory
TLS[<3>]: ASSERT: privkey.c[privkey_sign_and_hash_data]:1351
TLS[<2>]: _gnutls_check_key_cert_match: failed signing
processed 1 CA certificate(s)
TLS[<2>]: added 4 protocols, 29 ciphersuites, 22 sig algos and 10 groups into priority list
note: setting 'file' as supplemental config option
ocserv is running as pid 9151 9152 9154 9155 9156.
A quick inspection of /var/run/ocserv reveals:
# ll /var/run/ocserv/
total 2
srwx--x--x 1 nobody daemon 0 Sep 23 09:25 socket.27f81545.0=
srwx--x--x 1 nobody daemon 0 Sep 23 09:25 socket.27f81545.1=
srwx--x--x 1 nobody daemon 0 Sep 23 09:25 socket.27f81545.2=
srwx--x--x 1 nobody daemon 0 Sep 23 09:25 socket.27f81545.3=
One part of ocserv expects to find socket.27f81545, while another part of ocserv creates a whole slew of sockets, socket.27f81545.{0,1,2,3}.
Edited by Trond Endrestøl
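
To check for the same mismatch on another host, this added shell script (not ocserv code and not part of the original report; the function names `expected_socket` and `classify_socket` are hypothetical) extracts the socket name from the startup error and reports whether the chroot directory holds that exact name or only numerically suffixed variants of it.

```shell
#!/bin/sh
# Added diagnostic example; not part of ocserv.

# expected_socket: read ocserv startup output on stdin and print the socket
# name quoted in the first "error connecting to sec-mod socket" line.
expected_socket() {
    sed -n "s/.*error connecting to sec-mod socket '\([^']*\)'.*/\1/p" | head -n 1
}

# classify_socket DIR NAME: compare NAME with the entries in DIR and print
#   exact        - DIR/NAME exists
#   suffixed:N   - only N entries named NAME.<digits> exist
#   missing      - neither form exists
# Note: the trailing "=" in the listing above comes from ls -F and is not
# part of the file name, so it is not matched here.
classify_socket() {
    sock_dir=$1
    sock_name=$2
    if [ -e "$sock_dir/$sock_name" ]; then
        echo exact
        return 0
    fi
    count=0
    for entry in "$sock_dir/$sock_name".*; do
        [ -e "$entry" ] || continue      # glob matched nothing
        suffix=${entry##*.}
        case $suffix in
            ''|*[!0-9]*) ;;              # ignore non-numeric suffixes
            *) count=$((count + 1)) ;;
        esac
    done
    if [ "$count" -gt 0 ]; then
        echo "suffixed:$count"
    else
        echo missing
    fi
}

# Usage as a script: sh check.sh LOGFILE CHROOT_DIR
if [ "$#" -eq 2 ]; then
    wanted=$(expected_socket < "$1")
    echo "$wanted: $(classify_socket "$2" "$wanted")"
fi
```

Run against the output and directory shown in this report, it would print `socket.27f81545: suffixed:4`.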