<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hello,<br><br>I am trying to solve this problem with csync2.<br><br>To keep it simple , I made a simple test from server master(Anuket 192.168.1.30) to sever slave (Atum 192.168.1.31).<br><br>Eache server can be reached:<br><br>From Anuket:<br>root@Anuket:~# ping atum<br>PING atum.local.net (192.168.1.31) 56(84) bytes of data.<br>64 bytes from atum.local.net (192.168.1.31): icmp_req=1 ttl=64 time=0.524 ms<br>64 bytes from atum.local.net (192.168.1.31): icmp_req=2 ttl=64 time=0.556 ms<br><br>root@Anuket:~# cat /etc/hosts<br>127.0.0.1 anuket<br>::1 localhost ip6-localhost ip6-loopback<br>fe00::0 ip6-localnet<br>ff00::0 ip6-mcastprefix<br>ff02::1 ip6-allnodes<br>ff02::2 ip6-allrouters<br><br>192.168.1.30 anuket.local.net Anuket<br>192.168.1.31 atum.local.net Atum<br><br><br>From Atum:<br>root@Atum:~# ping anuket<br>PING anuket.local.net (192.168.1.30) 56(84) bytes of data.<br>64 bytes from anuket.local.net (192.168.1.30): icmp_req=1 ttl=64 time=0.624 ms<br>64 bytes from anuket.local.net (192.168.1.30): icmp_req=2 ttl=64 time=0.499 ms<br><br>root@Atum:~# cat /etc/hosts<br>hosts hosts.allow hosts.deny<br>root@Atum:~# cat /etc/hosts<br>hosts hosts.allow hosts.deny<br>root@Atum:~# cat /etc/hosts<br>127.0.0.1 atum<br>::1 localhost ip6-localhost ip6-loopback<br>fe00::0 ip6-localnet<br>ff00::0 ip6-mcastprefix<br>ff02::1 ip6-allnodes<br>ff02::2 ip6-allrouters<br><br>192.168.1.30 anuket.local.net Anuket<br>192.168.1.31 atum.local.net Atum<br><br><br>Versions:<br>root@Anuket:~# gnutls-cli -v<br>gnutls-cli (GnuTLS) 2.12.20<br>Packaged by Debian (2.12.20-8+deb7u3)<br><br>root@Anuket:~# csync2 -v<br><br>csync2 2.0 - cluster synchronization tool, 2nd generation<br>Copyright (C) 2004 - 2013 LINBIT Information Technologies GmbH<br><br>The certification generated using the information from PAPER.<br><br>from the directory where the source is: <br>make cert<br><br>The csync2 key was generated:<br><br><span style="font-size:14.666666666666666px;font-family:Arial;color:#4a86e8;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;" id="ecxdocs-internal-guid-81ef0764-7d3b-fa48-2db1-63cdacf120ad">csync2 -k /etc/csync2.key_mygroup</span><br>And then transfered to node2 (Atum):<br><p dir="ltr" style="line-height:1.38;" id="ecxdocs-internal-guid-81ef0764-7d3c-ec38-85db-c1917175c491"><span style="font-size:14.666666666666666px;font-family:Arial;color:#4a86e8;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;">scp csync2.key_mygroup root@192.168.1.31:/etc/csync2/csync2.key_mygroup</span></p><p dir="ltr" style="line-height:1.38;"><span style="font-size:14.666666666666666px;font-family:Arial;color:#4a86e8;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;">scp csync2_ssl_cert.pem root@192.168.1.31:/etc/csync2/csync2_ssl_cert.pem</span></p><br><br>Csync2 was compiled using SSL support:<br><p dir="ltr" style="line-height:1.38;" id="ecxdocs-internal-guid-81ef0764-7d3b-1ef6-db26-56ef8efefbdb"><span style="font-size:14.666666666666666px;font-family:Arial;color:#4a86e8;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;">./configure --prefix=/usr --sysconfdir=/etc/csync2 &&</span><span style="font-size:14.666666666666666px;font-family:Arial;color:#4a86e8;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;"><br class="ecxkix-line-break"></span><span style="font-size:14.666666666666666px;font-family:Arial;color:#4a86e8;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;">make</span></p><br><br>Configuration os csync2.cfg the same file on both node (anuket and atum):<br>root@Anuket:/etc/csync2# cat csync2.cfg<br># Csync2 Example Configuration File<br># ---------------------------------<br>#<br># Please read the documentation:<br># <a target="" href="http://oss.linbit.com/csync2/paper.pdf">http://oss.linbit.com/csync2/paper.pdf</a><br>#nossl * *;<br>#nossl *-sync *-sync;<br> group mygroup<br> {<br> host (Anuket) Atum;<br># host host4@host4-eth2;<br>#<br> key /etc/csync2/csync2.key_mygroup;<br>#<br># #<br># # WARNING:<br># # You CANNOT use paths containing a symlink<br># # component in include/exclude options!<br># #<br># # Here is a real-life example:<br># # Suppose you have some 64bit Linux systems<br># # and /usr/lib/ocf is what you want to keep<br># # in sync. On 64bit Linux systems, /usr/lib<br># # is usually a symlink to /usr/lib64.<br># # This does not work:<br># # include /usr/lib/ocf;<br># # But this does work:<br># # include /usr/lib64/ocf;<br># #<br>#<br> include /var/www;<br># include %homedir%/bob;<br># exclude %homedir%/bob/temp;<br># exclude *~ .*;<br>#<br> action<br> {<br># pattern /etc/apache/httpd.conf;<br># pattern /etc/apache/sites-available/*;<br># exec "/usr/sbin/apache2ctl graceful";<br> logfile "/var/log/csync2_action.log";<br># do-local;<br># # you can use do-local-only if the execution<br># # should be done locally only<br># # do-local-only;<br> }<br>#<br># # The backup-directory needs to be created first!<br># backup-directory /var/backups/csync2;<br># backup-generations 3;<br>#<br> auto younger;<br> }<br>#<br># prefix homedir<br># {<br># on host[12]: /export/users;<br># on *: /home;<br># }<br>root@Anuket:/etc/csync2#<br><br><br>Configuration of openssl.cfg:<br>root@Anuket:/etc/ssl# cat openssl.cnf<br>#<br># OpenSSL example configuration file.<br># This is mostly being used for generation of certificate requests.<br>#<br><br># This definition stops the following lines choking if HOME isn't<br># defined.<br>HOME = .<br>RANDFILE = $ENV::HOME/.rnd<br><br># Extra OBJECT IDENTIFIER info:<br>#oid_file = $ENV::HOME/.oid<br>oid_section = new_oids<br><br># To use this configuration file with the "-extfile" option of the<br># "openssl x509" utility, name here the section containing the<br># X.509v3 extensions to use:<br># extensions =<br># (Alternatively, use a configuration file that has only<br># X.509v3 extensions in its main [= default] section.)<br><br>[ new_oids ]<br><br># We can add new OIDs in here for use by 'ca', 'req' and 'ts'.<br># Add a simple OID like this:<br># testoid1=1.2.3.4<br># Or use config file substitution like this:<br># testoid2=${testoid1}.5.6<br><br># Policies used by the TSA examples.<br>tsa_policy1 = 1.2.3.4.1<br>tsa_policy2 = 1.2.3.4.5.6<br>tsa_policy3 = 1.2.3.4.5.7<br><br>####################################################################<br>[ ca ]<br>default_ca = CA_default # The default ca section<br><br>####################################################################<br>[ CA_default ]<br><br>dir = ./demoCA # Where everything is kept<br>certs = $dir/certs # Where the issued certs are kept<br>crl_dir = $dir/crl # Where the issued crl are kept<br>database = $dir/index.txt # database index file.<br>#unique_subject = no # Set to 'no' to allow creation of<br> # several ctificates with same subject.<br>new_certs_dir = $dir/newcerts # default place for new certs.<br><br>certificate = $dir/cacert.pem # The CA certificate<br>serial = $dir/serial # The current serial number<br>crlnumber = $dir/crlnumber # the current crl number<br> # must be commented out to leave a V1 CRL<br>crl = $dir/crl.pem # The current CRL<br>private_key = $dir/private/cakey.pem# The private key<br>RANDFILE = $dir/private/.rand # private random number file<br><br>x509_extensions = usr_cert # The extentions to add to the cert<br><br># Comment out the following two lines for the "traditional"<br># (and highly broken) format.<br>name_opt = ca_default # Subject Name options<br>cert_opt = ca_default # Certificate field options<br><br># Extension copying option: use with caution.<br># copy_extensions = copy<br><br># Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs<br># so this is commented out by default to leave a V1 CRL.<br># crlnumber must also be commented out to leave a V1 CRL.<br># crl_extensions = crl_ext<br><br>default_days = 365 # how long to certify for<br>default_crl_days= 30 # how long before next CRL<br>default_md = default # use public key default MD<br>preserve = no # keep passed DN ordering<br><br># A few difference way of specifying how similar the request should look<br># For type CA, the listed attributes must be the same, and the optional<br># and supplied fields are just that :-)<br>policy = policy_match<br><br># For the CA policy<br>[ policy_match ]<br>countryName = match<br>stateOrProvinceName = match<br>organizationName = match<br>organizationalUnitName = optional<br>commonName = supplied<br>emailAddress = optional<br><br># For the 'anything' policy<br># At this point in time, you must list all acceptable 'object'<br># types.<br>[ policy_anything ]<br>countryName = optional<br>stateOrProvinceName = optional<br>localityName = optional<br>organizationName = optional<br>organizationalUnitName = optional<br>commonName = supplied<br>emailAddress = optional<br><br>####################################################################<br>[ req ]<br>default_bits = 2048<br>default_keyfile = privkey.pem<br>distinguished_name = req_distinguished_name<br>attributes = req_attributes<br>x509_extensions = v3_ca # The extentions to add to the self signed cert<br><br># Passwords for private keys if not present they will be prompted for<br># input_password = secret<br># output_password = secret<br><br># This sets a mask for permitted string types. There are several options.<br># default: PrintableString, T61String, BMPString.<br># pkix : PrintableString, BMPString (PKIX recommendation before 2004)<br># utf8only: only UTF8Strings (PKIX recommendation after 2004).<br># nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).<br># MASK:XXXX a literal mask value.<br># WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.<br>string_mask = utf8only<br><br># req_extensions = v3_req # The extensions to add to a certificate request<br><br>[ req_distinguished_name ]<br>countryName = SP<br>countryName_default = SP<br>countryName_min = 2<br>countryName_max = 2<br><br>stateOrProvinceName = Barcelona<br>BstateOrProvinceName_default = Barcelona<br><br>localityName = Barcelona<br><br>0.organizationName = tecxred<br>0.organizationName_default = tecxred<br><br># we can do this but it is not needed normally :-)<br>#1.organizationName = Second Organization Name (eg, company)<br>#1.organizationName_default = World Wide Web Pty Ltd<br><br>organizationalUnitName = Departamentos de sistemas<br>#organizationalUnitName_default =<br><br>commonName = Anuket<br>commonName_max = 64<br><br>emailAddress = Email Address<br>emailAddress_max = 64<br><br># SET-ex3 = SET extension number 3<br><br>[ req_attributes ]<br>challengePassword = 12345678<br>challengePassword_min = 4<br>challengePassword_max = 20<br><br>unstructuredName = tecxred<br><br>[ usr_cert ]<br><br># These extensions are added when 'ca' signs a request.<br><br># This goes against PKIX guidelines but some CAs do it and some software<br># requires this to avoid interpreting an end user certificate as a CA.<br><br>basicConstraints=CA:FALSE<br><br># Here are some examples of the usage of nsCertType. If it is omitted<br># the certificate can be used for anything *except* object signing.<br><br># This is OK for an SSL server.<br># nsCertType = server<br><br># For an object signing certificate this would be used.<br># nsCertType = objsign<br><br># For normal client use this is typical<br># nsCertType = client, email<br><br># and for everything including object signing:<br># nsCertType = client, email, objsign<br><br># This is typical in keyUsage for a client certificate.<br># keyUsage = nonRepudiation, digitalSignature, keyEncipherment<br><br># This will be displayed in Netscape's comment listbox.<br>nsComment = "OpenSSL Generated Certificate"<br><br># PKIX recommendations harmless if included in all certificates.<br>subjectKeyIdentifier=hash<br>authorityKeyIdentifier=keyid,issuer<br><br># This stuff is for subjectAltName and issuerAltname.<br># Import the email address.<br># subjectAltName=email:copy<br># An alternative to produce certificates that aren't<br># deprecated according to PKIX.<br># subjectAltName=email:move<br><br># Copy subject details<br># issuerAltName=issuer:copy<br><br>#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem<br>#nsBaseUrl<br>#nsRevocationUrl<br>#nsRenewalUrl<br>#nsCaPolicyUrl<br>#nsSslServerName<br><br># This is required for TSA certificates.<br># extendedKeyUsage = critical,timeStamping<br><br>[ v3_req ]<br><br># Extensions to add to a certificate request<br><br>basicConstraints = CA:FALSE<br>keyUsage = nonRepudiation, digitalSignature, keyEncipherment<br><br>[ v3_ca ]<br><br><br># Extensions for a typical CA<br><br><br># PKIX recommendation.<br><br>subjectKeyIdentifier=hash<br><br>authorityKeyIdentifier=keyid:always,issuer<br><br># This is what PKIX recommends but some broken software chokes on critical<br># extensions.<br>#basicConstraints = critical,CA:true<br># So we do this instead.<br>basicConstraints = CA:true<br><br># Key usage: this is typical for a CA certificate. However since it will<br># prevent it being used as an test self-signed certificate it is best<br># left out by default.<br># keyUsage = cRLSign, keyCertSign<br><br># Some might want this also<br># nsCertType = sslCA, emailCA<br><br># Include email address in subject alt name: another PKIX recommendation<br># subjectAltName=email:copy<br># Copy issuer details<br># issuerAltName=issuer:copy<br><br># DER hex encoding of an extension: beware experts only!<br># obj=DER:02:03<br># Where 'obj' is a standard or added object<br># You can even override a supported extension:<br># basicConstraints= critical, DER:30:03:01:01:FF<br><br>[ crl_ext ]<br><br># CRL extensions.<br># Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.<br><br># issuerAltName=issuer:copy<br>authorityKeyIdentifier=keyid:always<br><br>[ proxy_cert_ext ]<br># These extensions should be added when creating a proxy certificate<br><br># This goes against PKIX guidelines but some CAs do it and some software<br># requires this to avoid interpreting an end user certificate as a CA.<br><br>basicConstraints=CA:FALSE<br><br># Here are some examples of the usage of nsCertType. If it is omitted<br># the certificate can be used for anything *except* object signing.<br><br># This is OK for an SSL server.<br># nsCertType = server<br><br># For an object signing certificate this would be used.<br># nsCertType = objsign<br><br># For normal client use this is typical<br># nsCertType = client, email<br><br># and for everything including object signing:<br># nsCertType = client, email, objsign<br><br># This is typical in keyUsage for a client certificate.<br># keyUsage = nonRepudiation, digitalSignature, keyEncipherment<br><br># This will be displayed in Netscape's comment listbox.<br>nsComment = "OpenSSL Generated Certificate"<br><br># PKIX recommendations harmless if included in all certificates.<br>subjectKeyIdentifier=hash<br>authorityKeyIdentifier=keyid,issuer<br><br># This stuff is for subjectAltName and issuerAltname.<br># Import the email address.<br># subjectAltName=email:copy<br># An alternative to produce certificates that aren't<br># deprecated according to PKIX.<br># subjectAltName=email:move<br><br># Copy subject details<br># issuerAltName=issuer:copy<br><br>#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem<br>#nsBaseUrl<br>#nsRevocationUrl<br>#nsRenewalUrl<br>#nsCaPolicyUrl<br>#nsSslServerName<br><br># This really needs to be in place for it to be a proxy certificate.<br>proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo<br><br>####################################################################<br>[ tsa ]<br><br>default_tsa = tsa_config1 # the default TSA section<br><br>[ tsa_config1 ]<br><br># These are used by the TSA reply generation only.<br>dir = ./demoCA # TSA root directory<br>serial = $dir/tsaserial # The current serial number (mandatory)<br>crypto_device = builtin # OpenSSL engine to use for signing<br>signer_cert = $dir/tsacert.pem # The TSA signing certificate<br> # (optional)<br>certs = $dir/cacert.pem # Certificate chain to include in reply<br> # (optional)<br>signer_key = $dir/private/tsakey.pem # The TSA private key (optional)<br><br>default_policy = tsa_policy1 # Policy if request did not specify it<br> # (optional)<br>other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)<br>digests = md5, sha1 # Acceptable message digests (mandatory)<br>accuracy = secs:1, millisecs:500, microsecs:100 # (optional)<br>clock_precision_digits = 0 # number of digits after dot. (optional)<br>ordering = yes # Is ordering defined for timestamps?<br> # (optional, default: no)<br>tsa_name = yes # Must the TSA name be included in the reply?<br> # (optional, default: no)<br>ess_cert_id_chain = no # Must the ESS cert id chain be included?<br> # (optional, default: no)<br>root@Anuket:/etc/ssl#<br><br><br>Rrunning in debug mode:<br><br>Anuket:<br><span style="font-size:14.666666666666666px;font-family:Arial;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;" id="ecxdocs-internal-guid-81ef0764-7d3f-c402-7b35-80c54bac6f8b">csync2 -xvvv<br><br></span>Atum:<br><span style="font-size:14.666666666666666px;font-family:Arial;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;" id="ecxdocs-internal-guid-81ef0764-7d40-14bd-03e9-ce8f7a1bbab7">csync2 -iivvv<br><br>And this is the error:<br><br>SQL Query finished.<br>Don't check at all: /var/tmp<br>Don't check at all: /var/swap<br>Don't check at all: /var/spool<br>Don't check at all: /var/run<br>Don't check at all: /var/opt<br>Don't check at all: /var/mail<br>Don't check at all: /var/log<br>Don't check at all: /var/lock<br>Don't check at all: /var/local<br>Don't check at all: /var/lib<br>Don't check at all: /var/cache<br>Don't check at all: /var/backups<br>Don't check at all: /usr<br>Don't check at all: /tmp<br>Don't check at all: /sys<br>Don't check at all: /srv<br>Don't check at all: /selinux<br>Don't check at all: /sbin<br>Don't check at all: /run<br>Don't check at all: /root<br>Don't check at all: /proc<br>Don't check at all: /opt<br>Don't check at all: /mnt<br>Don't check at all: /media<br>Don't check at all: /lost+found<br>Don't check at all: /lib<br>Don't check at all: /home<br>Don't check at all: /etc<br>Don't check at all: /dev<br>Don't check at all: /boot<br>Don't check at all: /bin<br>SQL: SELECT peername FROM dirty GROUP BY peername<br>SQL Query finished.<br>SQL: SELECT filename, myname, forced FROM dirty WHERE peername = 'atum' ORDER by filename ASC<br>SQL Query finished.<br>Connecting to host atum (SSL) ...<br>Connect to 192.168.1.31:30865 (atum).<br>Local> SSL\n<br>Peer> OK (activating_ssl).\n<br>response from peer(<no file>): atum [7] <- OK (activating_ssl).<br>ASSERT: gnutls_constate.c:695<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_ARCFOUR_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_ARCFOUR_MD5<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256<br>HSK[0x1b75ec0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256<br>HSK[0x1b75ec0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1<br>EXT[0x1b75ec0]: Sending extension SAFE RENEGOTIATION (1 bytes)<br>EXT[SIGA]: sent signature algo (4.2) DSA-SHA256<br>EXT[SIGA]: sent signature algo (4.1) RSA-SHA256<br>EXT[SIGA]: sent signature algo (2.1) RSA-SHA1<br>EXT[SIGA]: sent signature algo (2.2) DSA-SHA1<br>EXT[0x1b75ec0]: Sending extension SIGNATURE ALGORITHMS (10 bytes)<br>HSK[0x1b75ec0]: CLIENT HELLO was sent [112 bytes]<br>HSK[0x1b75ec0]: SERVER HELLO was received [81 bytes]<br>HSK[0x1b75ec0]: Server's version: 3.3<br>HSK[0x1b75ec0]: SessionID length: 32<br>HSK[0x1b75ec0]: SessionID: e63f2e334b3b948ff1f049d0bd867af7f2cd6de8238fe33ae85c52ab05a3a554<br>HSK[0x1b75ec0]: Selected cipher suite: RSA_ARCFOUR_SHA1<br>EXT[0x1b75ec0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)<br>HSK[0x1b75ec0]: Safe renegotiation succeeded<br>HSK[0x1b75ec0]: CERTIFICATE was received [451 bytes]<br>ASSERT: ext_signature.c:393<br>HSK[0x1b75ec0]: CERTIFICATE REQUEST was received [89 bytes]<br>EXT[SIGA]: rcvd signature algo (4.2) DSA-SHA256<br>EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256<br>EXT[SIGA]: rcvd signature algo (2.1) RSA-SHA1<br>EXT[SIGA]: rcvd signature algo (2.2) DSA-SHA1<br>HSK[0x1b75ec0]: SERVER HELLO DONE was received [4 bytes]<br>HSK[0x1b75ec0]: CERTIFICATE was sent [451 bytes]<br>HSK[0x1b75ec0]: CLIENT KEY EXCHANGE was sent [134 bytes]<br>sign handshake cert vrfy: picked RSA-SHA256 with SHA256<br>HSK[0x1b75ec0]: CERTIFICATE VERIFY was sent [136 bytes]<br>REC[0x1b75ec0]: Sent ChangeCipherSpec<br>HSK[0x1b75ec0]: Cipher Suite: RSA_ARCFOUR_SHA1<br>HSK[0x1b75ec0]: Initializing internal [write] cipher sessions<br>HSK[0x1b75ec0]: recording tls-unique CB (send)<br>HSK[0x1b75ec0]: FINISHED was sent [16 bytes]<br>ASSERT: ext_session_ticket.c:710<br>ASSERT: gnutls_buffers.c:640<br>ASSERT: gnutls_record.c:969<br>ASSERT: gnutls_handshake.c:2933<br>ASSERT: gnutls_handshake.c:3139<br>ASSERT: gnutls_record.c:276<br>SSL: handshake failed: A TLS packet with unexpected length was received. (GNUTLS_E_UNEXPECTED_PACKET_LENGTH)<br>SQL: COMMIT<br>root@Anuket:/etc/ssl#<br><br><br>What can be wrong?<br>What is the cause that is not working?<br><br><br>####<br></span><span style="font-size:14.666666666666666px;font-family:Arial;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;" id="ecxdocs-internal-guid-81ef0764-7d40-14bd-03e9-ce8f7a1bbab7"><span style="font-size:14.666666666666666px;font-family:Arial;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;" id="ecxdocs-internal-guid-81ef0764-7d40-14bd-03e9-ce8f7a1bbab7">SSL: handshake failed: A TLS packet with unexpected length was received. (GNUTLS_E_UNEXPECTED_PACKET_LENGTH)</span><br>####<br></span><br>Testing from Raspberrypi:<br><br>root@Anuket:/etc/ssl# uname -a<br>Linux Anuket 3.18.11-v7+ #781 SMP PREEMPT Tue Apr 21 18:07:59 BST 2015 armv7l GNU/Linux<br>root@Anuket:/etc/ssl#<br><br><br>Karim<br><br><br><br>Karim<div><br><br></div> </div></body>
</html>