DNSCrypt / doh-server

Fast, mature, secure DoH and ODoH server proxy written in Rust. Previously known as doh-proxy and rust-doh.
MIT License

SSL Cert decode issue? #52

Closed ptruman closed 4 years ago

ptruman commented 4 years ago

This is more than likely me, but I'm having an issue getting my SSL certs to work. I'm running doh-proxy in a self-built Docker container built on Alpine.

rust, cargo and make were all added to the container and "cargo install doh-proxy" was run with no errors. I've then copied /root/.cargo/bin/doh-proxy into /usr/local/sbin.

I've exported an SSL cert from LetsEncrypt, with a key, in PEM format. I've validated they match (cert & private key) thus:

$ openssl x509 -modulus -noout -in cert.pem  | openssl md5
(stdin)= 3b083eec165234ec62cb363a695d0490
$ openssl rsa -modulus -noout -in key.pem | openssl md5
(stdin)= 3b083eec165234ec62cb363a695d0490

But when I then come to run:

doh-proxy -l my-internal-ip:443 -u my-internal-dns:53 -I /ssl/cert.pem -i /ssl/key.pem

I get this:

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Custom { kind: InvalidInput, error: "No private keys found" }', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/libdoh-0.3.3/src/lib.rs:271:22
stack backtrace:
   0:     0x5620afabb0a2 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hae7cf1fc581aa961
   1:     0x5620af9eaffd - core::fmt::write::hfe2c8093814b6a4f
   2:     0x5620afab8b44 - std::io::Write::write_fmt::h822f7d43868b3215
   3:     0x5620afab164d - std::panicking::default_hook::{{closure}}::hd6d9da84065c93c3
   4:     0x5620afab1180 - std::panicking::rust_panic_with_hook::h0a6b442be258a78b
   5:     0x5620afab0d1a - rust_begin_unwind
   6:     0x5620af9e9f00 - core::panicking::panic_fmt::h5bed57e7f82612a2
   7:     0x5620af9ea052 - core::result::unwrap_failed::h4c1a6aae239037fc
   8:     0x5620af976b69 - libdoh::DoH::entrypoint::{{closure}}::h8ee67cf2788831d3
   9:     0x5620af999487 - doh_proxy::main::h3ba43cb3cc69a362
  10:     0x5620afabb373 - std::sys_common::backtrace::__rust_begin_short_backtrace::hd71ec9b2e16d0095
  11:     0x5620af99bcd0 - main
  12:     0x7f4f90ae71ef - <unknown>
Aborted (core dumped)

If I use your localhost.pem, it starts, however. What's up with my certs?

jedisct1 commented 4 years ago

You swapped -i and -I. Use long options to avoid confusion :)
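
A pre-flight check for the mix-up diagnosed above, as an added example that is not part of this thread or of the doh-server project: it reads only the PEM block labels of the two files and reports when the certificate and key paths are swapped. The function names and sample file names are hypothetical, and the sample PEM files are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Classify a PEM file by its block labels only (the base64 body is not decoded).
# Prints one of: cert, key, both, none.
pem_kind() {
    has_cert=0; has_key=0
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null && has_cert=1
    # Matches "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY".
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null && has_key=1
    case "$has_cert$has_key" in
        11) echo both ;;
        10) echo cert ;;
        01) echo key ;;
        *)  echo none ;;
    esac
}

# check_tls_paths <cert_path> <key_path>
# Returns 0 if the files match their roles, 2 if they are swapped, 1 otherwise.
# A file holding both block types satisfies either role.
check_tls_paths() {
    cert_kind=$(pem_kind "$1")
    key_kind=$(pem_kind "$2")
    if [ "$cert_kind" = key ] && [ "$key_kind" = cert ]; then
        echo "swapped: $1 holds a private key, $2 holds a certificate" >&2
        return 2
    fi
    case "$cert_kind" in cert|both) ;; *)
        echo "no CERTIFICATE block in $1 (found: $cert_kind)" >&2; return 1 ;;
    esac
    case "$key_kind" in key|both) ;; *)
        echo "no PRIVATE KEY block in $2 (found: $key_kind)" >&2; return 1 ;;
    esac
    return 0
}

# Constructed sample files: labels with placeholder bodies, not real key material.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/key.pem"
    cat "$1/cert.pem" "$1/key.pem" > "$1/combined.pem"
}

# Demo: the swapped order is reported with a non-zero status.
d=$(mktemp -d) && make_samples "$d"
check_tls_paths "$d/key.pem" "$d/cert.pem" || echo "exit status: $?"
rm -rf "$d"
```

Run it with the certificate path first and the key path second before starting the server; status 2 means the two paths need to be exchanged.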