[Csync2] SSL Handshake Problem
Lars Ellenberg
lars.ellenberg at linbit.com
Fri Feb 24 10:56:22 CET 2012
On Fri, Feb 24, 2012 at 08:06:38AM +0000, Tobias Meyer wrote:
> Hello List,
>
> I found this thread on the archive:
>
> >On 01/13/2012 04:16 AM, Mike Young wrote:
> >> Hi,
> >>
> >> I am trying to configure csync2 on a couple of OpenSuse 12.1 nodes, but
> >> I'm having a problem with respect to TLS handshaking. I've added an
> >> entry to /etc/services as was required in the Csync paper (csync2
> >> 30865/tcp # Csync2 service) and I've configured xinetd to enable the
> >> service. The service appears to start without any issues, until I
> >> actually perform a "csync2 xv" operation. Then I get the following
> >>error:
> >>
> >> node1:/etc/csync2 # csync2 -xv
> >> Connecting to host node2 (SSL) ...
> >> WARNING: no socket to connect to
> >> Received record packet of unknown type 87
> >> SSL: handshake failed: An unexpected TLS packet was received.
> >> (GNUTLS_E_UNEXPECTED_PACKET)
>
> I too see this problem after upgrading from openSuse 11.3 (via 11.4) to 12.1.
>
>
>
> >Requires: xinetd libgnutls26 libgnutls-extra26 gnutls sqlite2 librsync
>
> >libtasn1-3
>
> >
>
> >Removing the explicit lib requires and letting RPM sort out the mess
>
> >fixed it for me, i.e. the above line was changed to:
>
> >
>
> >Requires: xinetd gnutls sqlite2
>
> The explicit library references (in rpm -q -requires) seem to be fixed, and libgnutls26 libgnutls-extra26 are also not installed, yet libgnutls28 and libgnutls-extra28 are, but i guess that's OK.
>
> What puzzels me is, that running csync2 in stand-alone server mode (-ii or -iii) works well - the problem only occurs when beeing run through xinetd.
> I really would like to limit csync2 to one interface though and have not yet found a way to do so in stand-alone mode.
>
> Can anyone shed some light on this?
Csync2 not working in "xinetd" mode should be fixed by
http://git.linbit.com/csync2.git
specifically
http://git.linbit.com/gitweb.cgi?p=csync2.git;a=commitdiff;h=e412200979d14c3fcbb233434905f0536943a306
If not, let me know.
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
More information about the Csync2
mailing list