Bug 48225 - deactivate stunnel on unjoined systems
Status: RESOLVED DUPLICATE of bug 52975
Product: UCS
Classification: Unclassified
Component: SAML
UCS 4.3
Other Linux
P5 normal
Assigned To: UCS maintainers
Reported: 2018-11-27 15:00 CET by Felix Botner
Modified: 2021-04-07 13:12 CEST (History)
What kind of report is it?: Development Internal
Description Felix Botner univentionstaff 2018-11-27 15:00:51 CET
During the update of my unjoined system I got:
-- Unit stunnel4.service has begun starting up.
Nov 27 14:52:44 backup stunnel4[27140]: Starting TLS tunnels: /etc/stunnel/univention_saml.conf: [ ] Clients allowed=500
Nov 27 14:52:44 backup stunnel4[27140]: [.] stunnel 5.39 on x86_64-pc-linux-gnu platform
Nov 27 14:52:44 backup stunnel4[27140]: [.] Compiled/running with OpenSSL 1.1.0f  25 May 2017
Nov 27 14:52:44 backup stunnel4[27140]: [.] Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Auth:LIBWRAP
Nov 27 14:52:44 backup stunnel4[27140]: [ ] errno: (*__errno_location ())
Nov 27 14:52:44 backup stunnel4[27140]: [.] Reading configuration from file /etc/stunnel/univention_saml.conf
Nov 27 14:52:44 backup stunnel4[27140]: [.] UTF-8 byte order mark not detected
Nov 27 14:52:44 backup stunnel4[27140]: [.] FIPS mode disabled
Nov 27 14:52:44 backup stunnel4[27140]: [ ] Compression disabled
Nov 27 14:52:44 backup stunnel4[27140]: [ ] Snagged 64 random bytes from /dev/urandom
Nov 27 14:52:44 backup stunnel4[27140]: [ ] PRNG seeded successfully
Nov 27 14:52:44 backup stunnel4[27140]: [ ] Initializing service [memcached]
Nov 27 14:52:44 backup stunnel4[27140]: [ ] Loading certificate from file:
Nov 27 14:52:44 backup stunnel4[27140]: [!] error queue: 140DC002: error:140DC002:SSL routines:use_certificate_chain_file:system lib
Nov 27 14:52:44 backup stunnel4[27140]: [!] error queue: 20074002: error:20074002:BIO routines:file_ctrl:system lib
Nov 27 14:52:44 backup stunnel4[27140]: [!] SSL_CTX_use_certificate_chain_file: 2001002: error:02001002:system library:fopen:No such file or directory
Nov 27 14:52:44 backup stunnel4[27140]: [!] Service [memcached]: Failed to initialize TLS context
Nov 27 14:52:44 backup stunnel4[27140]: failed
Nov 27 14:52:44 backup stunnel4[27140]: You should check that you have specified the pid= in you configuration file
Nov 27 14:52:44 backup systemd[1]: stunnel4.service: Control process exited, code=exited status=1
Nov 27 14:52:44 backup systemd[1]: Failed to start LSB: Start or stop stunnel 4.x (TLS tunnel for network daemons).

Upgrade failed.


-> more /etc/stunnel/univention_saml.conf 
; Warning: This file is auto-generated and might be overwritten by
;          univention-config-registry.
;          Please edit the following file(s) instead:
; Warnung: Diese Datei wurde automatisch generiert und kann durch
;          univention-config-registry ueberschrieben werden.
;          Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
; 
; 	/etc/univention/templates/files/etc/stunnel/univention_saml.conf
; 

pid = /var/run/univention-saml/stunnel4.pid
cert = 
key = 
setuid = samlcgi
CAfile = /etc/univention/ssl/ucsCA/CAcert.pem
options = NO_SSLv3
service = univention-saml-stunnel
debug = 4

[memcached]
accept  = 11212
connect = /var/run/univention-saml/memcached.socket
verify = 2
checkHost = 

cert and key are missing -> deactivate stunnel in /etc/default/stunnel4 until the system is joined
Comment 1 Philipp Hahn univentionstaff 2021-04-07 13:12:56 CEST

*** This bug has been marked as a duplicate of bug 52975 ***
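
A pre-flight check for the failure in the description above, as an added example that is not part of the bug report or of UCS: it reports `cert`, `key` and `CAfile` options that are empty or name a missing file, the condition that made stunnel4 fail to start here. The function names and the embedded sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not UCS code). Prints one line per cert/key/CAfile option that
# is empty or names a missing file. Returns 0 if none, 1 if any, 2 if the
# config cannot be read. Option names are matched exactly as spelled on the page.
check_stunnel_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    problems=$(awk '
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^[ \t]*(cert|key|CAfile)[ \t]*=/ {
            k = $0; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            printf "%s|%s|%s\n", (sec == "" ? "global" : sec), k, v
        }' "$conf" |
    while IFS='|' read -r sec key val; do
        if [ -z "$val" ]; then
            echo "[$sec] $key is empty"
        elif [ ! -f "$val" ]; then
            echo "[$sec] $key file missing: $val"
        fi
    done)
    if [ -n "$problems" ]; then
        echo "$problems"
        return 1
    fi
    return 0
}

# Constructed sample mirroring the generated config of the unjoined system.
demo_unjoined() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
; constructed sample
cert = 
key = 
CAfile = /etc/univention/ssl/ucsCA/CAcert.pem

[memcached]
accept  = 11212
verify = 2
EOF
    check_stunnel_conf "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

if [ $# -gt 0 ]; then check_stunnel_conf "$1"; else demo_unjoined || true; fi
```

A non-zero result before the join is the cue to leave the tunnel disabled instead of letting the service start fail the upgrade.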