Description
I have compiled versions 2.6.5, 2.7.1 & 2.7.3 and have been unable to implement ssl encryption between upsd and the other processes such as upsmon etc on Solaris 10.
My target machine and build server are running Solaris 10/08 running in 32 bit mode. Both servers are recently patched. All other nut functionality is working fine on target server. I am compiling with gcc, gmake, etc.
My configure command is:
./configure --with-ssl --with-openssl --with-wrap --with-logfacility=LOG_DAEMON \
--with-openssl-includes=-I/usr/include:/usr/local/ssl/include/openssl \
--with-openssl-libs='-L/usr/lib:/usr/sfw/lib:/usr/local/ssl/lib -lssl -lcrypto' \
--with-group=ups --with-user=root \
--with-snmp-libs=/usr/sfw/lib --with-snmp=no --with-usb=no
make && make install
Configure reports that all ssl libraries are found. /usr/local/ssl contains a build of openssl 1.0.1p. My openssl was used to create the certificate and works well with other packages I have on the system such as ntp and ssh.
I have followed the instructions in the documentation in section 9.5 "Configuring SSL". I created upsd.pem and a certificate using instructions in documentation.
I changed the following configuration entries:
upsd.conf: CERTFILE /usr/local/ups/etc/upsd.pem
upsmon.conf: CERTPATH /usr/local/ups/etc/certs
upsmon.conf: FORCESSL 1
I also compiled and made a 2.7.3 and 2.7.1 nut package for RHEL 6. When I change the above config settings and use the exact same cert and key, the upsmon to upsd connection is encrypted!! I verified this through packet sniffing, and upsmon itself now states it is using ssl. So I know my Solaris problem is not with the certificate files nor with my understanding of how to configure NUT.
ldd on upsd on rhel6 and solaris both list ssl shared objects as dependencies.
upsmon and upsd debugging show that upsmon says hello and upsd does not understand the hello. It should say hello back and then send its certificate. This occurs on RHEL6 but the ssl handshake fails immediately on Solaris 10/08.
UPS: power0@localhost (master) (power value 1)
0.000207 UPS: ups0@localhost (master) (power value 1)
0.000572 Using power down flag file /var/state/ups/killpower
0.001068 debug level is '2'
0.008958 Trying to connect to UPS [power0@localhost]
0.011489 SSL_connect do not accept handshake.: Error 0
0.011585 ssl_error() EOF from client
0.011617 Can not connect to localhost in SSL, disconnect
0.011825 UPS [power0@localhost]: connect failed: SSL error: error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure
0.011876 do_notify: ntype 0x0005 (COMMBAD)
0.011899 Communications with UPS power0@localhost lost
0.013125 Trying to connect to UPS [ups0@localhost]
0.015265 SSL_connect do not accept handshake.: Error 0
0.015355 ssl_error() EOF from client
0.015379 Can not connect to localhost in SSL, disconnect
Open config.txt in wordpad or vi. This is config.log.
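A probe that separates the two places this upgrade can stop, as an added example that is not part of the original report or of NUT itself: it sends the cleartext `STARTTLS` command, checks upsd's reply, and only then attempts the TLS handshake. It assumes the `STARTTLS` / `OK STARTTLS` / `ERR ...` exchange from NUT's network protocol documentation and the standard upsd port 3493; the function names are hypothetical.

```python
import socket
import ssl

NUT_PORT = 3493  # assumption: default upsd port, not stated in the report

def read_line(sock, limit=256):
    """Read one LF-terminated reply without consuming bytes past it."""
    buf = bytearray()
    while len(buf) < limit:
        b = sock.recv(1)
        if not b or b == b"\n":
            break
        buf += b
    return buf.decode("ascii", "replace").strip()

def probe_starttls(sock, server_hostname, cafile=None):
    """Return (stage, detail) saying where the upgrade to TLS stopped."""
    sock.sendall(b"STARTTLS\n")
    reply = read_line(sock)
    if reply != "OK STARTTLS":
        # An ERR reply here means upsd never reached the handshake at all
        return ("refused", reply)
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and name
    try:
        with ctx.wrap_socket(sock, server_hostname=server_hostname) as tls:
            return ("encrypted", "%s %s" % (tls.version(), tls.cipher()[0]))
    except ssl.SSLCertVerificationError as exc:
        return ("untrusted", exc.verify_message)
    except OSError as exc:  # ssl.SSLError, EOF or reset during the handshake
        return ("handshake-failed", str(exc) or type(exc).__name__)

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    with socket.create_connection((host, NUT_PORT), timeout=5) as s:
        print(probe_starttls(s, host, cafile))
```

A `refused` result points at upsd's certificate configuration, while `handshake-failed` points at the TLS library or its negotiation, which is the stage the upsmon debug output above reports.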