[Csync2] Establishing SSL connection failed

Michael Mansour mic at npgx.com.au
Mon Aug 11 10:19:52 CEST 2008


Hi Jorge,

Sorry for the late reply, I'm just taking a look at this now as the servers
are going to move into production soon.

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
>   Hello,
> 
>   I have gone through the same problem you are having now.
>   The problem is that there is a bug somewhere between csync2 and
> libgnutls that csync2 uses in handling x.509 certificates generated
> by OpenSSL with a "CN" field.  To get around the problem you must do an
> 'openssl req' without data in the "CN" field. This can be achieved by
> not filling in that field in the form, or by using the option "--batch"
> in this command. With this option, the program will not ask for any
> fields, and will not put a CN field in the certificate request.

I have gone through the process again:

openssl genrsa -out /etc/csync2_ssl_key.pem 1024

openssl req -new -key /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.csr 

openssl x509 -req -days 600 \
-in /etc/csync2_ssl_cert.csr \
-signkey /etc/csync2_ssl_key.pem \
-out /etc/csync2_ssl_cert.pem

and when I run a sync I get:

# /usr/sbin/csync2 -xv 
Connecting to host blah.server.tld (SSL) ...
Peer did provide a wrong SSL X509 cetrificate.

(notice a spelling mistake with the word "certificate" there)

So my guess is I need to delete the original certificates from the SQLite DB??

If so, how can I do this so I can get the sync working correctly?

Thanks

Michael.

>   I have already posted about this problem before and I upgraded my
> Debian/sid installation, one year ago, during the summer.
> 
>   I hope I have helped.
> 
> Regards,
> Jorge Matias
> CIIST - Centro de Informática do
> Instituto Superior Técnico
> Universidade Técnica de Lisboa
> 
> Michael Mansour escreveu:
> > Hi,
> > 
> > I've built some new servers and installed the latest 1.34 of csync2 on 64 bit
> > Scientific Linux 5.1 (RHEL5 U1)
> > 
> > I've used and administered csync2 for many years on SL4 servers (RHEL4 based)
> > and never had any dramas. With these newer SL5.1 servers, I keep getting this
> > error:
> > 
> > Establishing SSL connection failed. 
> > 
> > and synchronisation of files does not occur.
> > 
> > I have gone through the process of creating the certificates etc, and the
> > above indicates to me that the certificates haven't been put into the sqlite
> > database upon the first attempted sync, but I'm not sure how to resolve this.
> > 
> > Can someone suggest something please?
> > 
> > Running tests with:
> > 
> > # csync2 -vvv -T 
> > 
> > and:
> > 
> > # csync2 -xvvv 
> > 
> > shows me what I want to see (SSL connections ok) but files never synchronise
> > on the remote host.
> > 
> > Michael.
> > _______________________________________________
> > Csync2 mailing list
> > Csync2 at lists.linbit.com
> > http://lists.linbit.com/mailman/listinfo/csync2
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFIYYGaUd8C1V21YR4RAijsAJ9p9Mwy1elGMDSSADTDx+7cihGnbQCePknG
> gJZLvXefa6qamPAO31p6/DM=
> =kw2E
> -----END PGP SIGNATURE-----
------- End of Original Message -------
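
The certificate steps discussed in this thread, run non-interactively, followed by a check of whether the result carries a CN and a fingerprint that can be compared between nodes. This is an added example and not part of the original messages; the subjects, file names and temporary directory are constructed, and -subj is used so the result does not depend on the local openssl.cnf defaults.

```shell
#!/bin/sh
# Added example, not from the thread. Subjects and file names are constructed.
set -eu

# The thread's three openssl steps, made non-interactive with -batch and -subj.
# A 2048-bit key is used; the thread used 1024, which current guidance
# treats as too short.
make_cert() {   # make_cert DIR NAME SUBJECT
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -new -batch -key "$1/$2.key" -subj "$3" -out "$1/$2.csr"
    openssl x509 -req -days 600 -in "$1/$2.csr" \
        -signkey "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Subject DN in RFC 2253 form, e.g. "CN=host,O=org".
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Succeeds only if the subject carries a CN attribute.
has_cn() {
    cert_subject "$1" | grep -Eq '(^|,)CN='
}

# SHA-256 fingerprint: the value to compare between the certificate a node
# presents and the one its peer expects.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

same_cert() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_cert "$WORK" with_cn "/O=Constructed Org/CN=node1.example.test"
make_cert "$WORK" no_cn   "/O=Constructed Org"
make_cert "$WORK" redo    "/O=Constructed Org"   # same subject, generated again

for c in with_cn no_cn redo; do
    if has_cn "$WORK/$c.pem"; then cn=yes; else cn=no; fi
    printf '%-8s CN=%-3s %s\n' "$c" "$cn" "$(cert_fingerprint "$WORK/$c.pem")"
done
same_cert "$WORK/no_cn.pem" "$WORK/redo.pem" || echo "no_cn and redo are different certificates"
```

Running the three steps again produces a different certificate even when the subject is unchanged, so the fingerprint is what to compare when one side reports a wrong certificate.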


