I had a problem with getting the est server to start.
To Reproduce:
Host directory setup:
# where libest is a clone of the repo, which in this case is at:
# commit f8a6e5b53a5f70e72fe4029981df0693b17cbb32 (HEAD -> main, origin/main, origin/HEAD)
FROM ubuntu:latest
RUN apt update
RUN apt install -y build-essential
RUN apt install -y openssl libssl-dev libsafec-dev
ARG DEBIAN_FRONTEND=noninteractive
RUN apt install -y pkg-config
RUN apt install -y net-tools
COPY libest libest
RUN cd libest; ./configure --with-system-libsafec; make; make install
RUN cd libest/example/server; ./createCA.sh
To run
docker build -t estserver .
docker run -it estserver
# then in the image
root@3ee56ea7e92f:/# cd libest/example/server
root@3ee56ea7e92f:/libest/example/server# ./runserver.sh
Using OpenSSL 1.1.1f 31 Mar 2020
***EST [INFO][est_log_version:231]--> libest 3.2.0p (API level 4)
***EST [INFO][est_log_version:235]--> Compiled against OpenSSL 1.1.1f 31 Mar 2020
***EST [INFO][est_log_version:236]--> Linking to OpenSSL 1.1.1f 31 Mar 2020
***EST [ERROR][est_server_init:3225]--> Length of ca_chain doesn't match ca_chain_len
/libest/src/est/.libs/libest-3.2.0p.so(+0xbed0) [0x7fc4ea033ed0]
/libest/src/est/.libs/libest-3.2.0p.so(est_server_init+0x247) [0x7fc4ea041c37]
/libest/example/server/.libs/estserver(+0x8af8) [0x5608e2766af8]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7fc4e9ace0b3]
/libest/example/server/.libs/estserver(+0x96ce) [0x5608e27676ce]
Unable to initialize EST context. Aborting!!!
Out of curiosity I replaced EST_CA_MAX with 32000 and it fell to the next error on about line 3234.
***EST [ERROR][est_server_init:3234]--> Actual length of cacerts_resp_chain does not match passed in length value
So I did the same there and it appears to get to the point of waiting for connections:
***EST [INFO][ossl_init_cert_store_from_raw:257]--> Cert being added to trust store: CN = estExampleCA
***EST [INFO][ossl_init_cert_store_from_raw:257]--> Cert being added to trust store: CN = estEXTERNALCA
Retry period being set to: 300
Disabling PoP check
Launching EST server...
***EST [INFO][set_ssl_option:1409]--> Using default ECDHE curve (prime256v1)
***EST [INFO][set_ssl_option:1459]--> TLS SRP not enabled
Image details:
uname -a
Linux 24ef38b9e87a 5.10.47-linuxkit #1 SMP Sat Jul 3 21:51:47 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
I started to do some digging but ran out of time, so I ended up rebuilding with: --disable-safec
So with respect to the following line, https://github.com/cisco/libest/blob/f8a6e5b53a5f70e72fe4029981df0693b17cbb32/src/est/est_server.c#L3223
I added a print statement:
printf("len: %d, sizeof(size_t): %zu, EST_CA_MAX: %d\n\n strlen(ca_chain): %zu\nCA:\n%s\n\n", len, sizeof(size_t), EST_CA_MAX, strlen((char *)ca_chain), (char *)ca_chain);
and got the following:
Let me know if you need any more information.