[Csync2] Establishing SSL connection failed

Jorge Daniel Sequeira Matias jdsm at ist.utl.pt
Tue Aug 12 12:55:04 CEST 2008


On Monday 11 August 2008 09:19:52 you wrote:
> Hi Jorge,
>
> Sorry for the late reply, I'm just taking a look at this now as the servers
> are going to move into production soon.
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >   Hello,
> >
> >   I have gone through the same problem you are having now.
> >   The problem is that there is a bug somewhere between csync2 and
> > libgnutls that csync2 uses in handling x.509 certificates generated
> > by OpenSSL with a "CN" field. To get around the problem you must do an
> > 'openssl req' without data in the "CN" field. This can be achieved
> > by not filling in that field in the form, or by using the option "--batch"
> > in this command. With this option, the program will not ask for any
> > fields, and will not put a CN field in the certificate request.
>
> I have gone through the process again:
>
> openssl genrsa -out /etc/csync2_ssl_key.pem 1024
>
> openssl req -new -key /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.csr
>
> openssl x509 -req -days 600 \
> -in /etc/csync2_ssl_cert.csr \
> -signkey /etc/csync2_ssl_key.pem \
> -out /etc/csync2_ssl_cert.pem
>
> and when I run a sync I get:
>
> # /usr/sbin/csync2 -xv
> Connecting to host blah.server.tld (SSL) ...
> Peer did provide a wrong SSL X509 cetrificate.
>
> (notice a spelling mistake with the word "certificate" there)
>
> So my guess is I need to delete the original certificates from the SQLite
> DB??

  Yes. You need to do it.
>
> If so, how can I do this so I can get the sync working correctly?

  As I don't have a recipe to do that, what I normally do is delete the db 
file on both machines and let csync2 recreate the file again. I know 
that this is not a good idea because I lose track of the file syncing 
information. But, generally I don't have any problem with it.

Regards,
Jorge Matias
