Bacula-users

Re: [Bacula-users] TLS negotiation handshake errors

2009-04-09 10:40:21
Subject: Re: [Bacula-users] TLS negotiation handshake errors
From: baculalist AT encambio DOT com
To: bacula-users AT lists.sourceforge DOT net
Date: Thu, 9 Apr 2009 16:36:02 +0200
Hello Dan and Ryan,

On Wed., Apr 08, 2009, Dan LANGILLE wrote:
>baculalist AT encambio DOT com wrote:
>> Bacula 2.4.4 and OpenSSL 0.9.8k on Solaris x86 11 (nv-b91),
>> everything is hand compiled but nothing special.
>> 
>>   Director hostname back1.host.com: Solaris x86 11 (nv-b91)
>>   File daemon hostname back1.host.com: Solaris x86 11 (nv-b91)
>> 
>>   Errors seen on the director:
>>   08-Apr 09:36 bacsrv-dir JobId 40: Start Backup JobId 40, Job=Debut.2009-04-08_09.36.52.03
>>   08-Apr 09:36 bacsrv-dir JobId 40: Using Device "FileStorage"
>>   08-Apr 09:37 bacsrv-dir JobId 0: Error: openssl.c:86 Connect failure: ERR=error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>>   08-Apr 09:37 bacsrv-dir JobId 40: Fatal error: TLS negotiation failed with FD at "back1.host.com:9102".
>> 
>> If I try:
>> 
>>   back1$ /pfx/bin/openssl s_client -connect back1.host.com:9102
>>   CONNECTED(00000004)
>>   10511:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
>> 
>> If I try:
>> 
>>   back1# /pfx/bin/openssl s_server -accept 1080 -cert bacula-crt.pem -key bacula-key.pem -CAfile certauth.pem
>>   back1$ /pfx/bin/openssl s_client -connect back1.host.com:1080
>> 
>> ...everything works and TLS negotiation succeeds without errors.
>> 
>> By the way, an identical (same versions and config files) setup
>> with two other hosts Ubuntu 8.04 server AMD64 and OpenSUSE 11
>> AMD64 succeeds.
>> 
>> My question is, 'have you seen this (SSL3_GET_RECORD:wrong version
>> number) or similar errors appearing in bacula?' Any idea how to rid
>> the daemons of this problem?
>>
>>
>I Googled. I found:
>
>http://www.mail-archive.com/bacula-users AT lists.sourceforge DOT net/msg04842.html
>
>Does that help?
>
Very little. I've checked that my certs are correct (permissions,
CN=, etc.). In the bacula config files I've added hostnames (matching
CN=) with 'TLS Allowed CN' in every possible place (according to the
'-t' option to check config files).

As I wrote before, the identical configs taken to another machine
don't lead to this failure. That's why I'm not convinced that it's
a configuration problem as the post you found suggests.

I'll keep trying more things in the meantime, but if anybody has
another idea I'd love to hear it. Until this is fixed, bacula is
useless to me.

-- 
Eduard
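
An added diagnostic example, not part of the original message and not Bacula or OpenSSL code: a TLS stack raises "wrong version number" at the record layer when the version field of the 5-byte record header is not an SSL 3.x/TLS value, which also happens when the peer's first bytes are not TLS at all. This Python sketch classifies the first bytes read from a peer (for instance from a packet capture); the function name and all sample byte strings are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def classify_first_bytes(data: bytes):
    """Return (kind, detail) for the first bytes a peer sent on a TLS port."""
    if len(data) < 5:
        return ("incomplete", f"need 5 header bytes, got {len(data)}")
    # TLS record header: 1-byte content type, 2-byte version, 2-byte length.
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if ctype in CONTENT_TYPES and version in VERSIONS:
        return ("tls-record",
                f"{CONTENT_TYPES[ctype]}, {VERSIONS[version]}, {length} bytes")
    # SSLv2-format ClientHello: high bit set in the 2-byte length,
    # message type 1, then the version the client is offering.
    if data[0] & 0x80 and data[2] == 0x01:
        offered = struct.unpack("!H", data[3:5])[0]
        return ("sslv2-hello",
                f"offers {VERSIONS.get(offered, hex(offered))}")
    # Anything else is what the record layer rejects; show how it was read.
    as_read = f"bytes 1-2 read as version 0x{version:04x}"
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data[:16]):
        return ("plaintext", f"{as_read}; starts {data[:16]!r}")
    return ("not-tls", as_read)

# Constructed sample inputs (not captured from any real daemon).
TLS_SAMPLE = b"\x16\x03\x01\x00\x5f\x01\x00\x00\x5b"
SSLV2_SAMPLE = b"\x80\x2e\x01\x03\x01\x00\x15\x00\x00\x00\x10"
PLAIN_SAMPLE = b"HELLO constructed-peer\n"
BINARY_SAMPLE = b"\x00\x00\x00\x19\xff\x01"

if __name__ == "__main__":
    for name, blob in [("tls", TLS_SAMPLE), ("sslv2", SSLV2_SAMPLE),
                       ("plain", PLAIN_SAMPLE), ("binary", BINARY_SAMPLE)]:
        print(name, classify_first_bytes(blob))
```

A "plaintext" or "not-tls" result for the first bytes on a port means the two ends disagree about when, or whether, TLS starts on that connection.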
