[Csync2] SSL Handshake Problem

Tim Serong tserong at suse.com
Mon Feb 27 12:40:33 CET 2012


On 02/24/2012 08:56 PM, Lars Ellenberg wrote:
> On Fri, Feb 24, 2012 at 08:06:38AM +0000, Tobias Meyer wrote:
>> Hello List,
>>
>> I found this thread on the archive:
>>
>>> On 01/13/2012 04:16 AM, Mike Young wrote:
>>>> Hi,
>>>>
>>>> I am trying to configure csync2 on a couple of OpenSuse 12.1 nodes, but
>>>> I'm having a problem with respect to TLS handshaking. I've added an
>>>> entry to /etc/services as was required in the Csync paper (csync2
>>>> 30865/tcp # Csync2 service) and I've configured xinetd to enable the
>>>> service. The service appears to start without any issues, until I
>>>> actually perform a "csync2 -xv" operation. Then I get the following
>>>> error:
>>>>
>>>>      node1:/etc/csync2 # csync2 -xv
>>>>      Connecting to host node2 (SSL) ...
>>>>      WARNING: no socket to connect to
>>>>      Received record packet of unknown type 87
>>>>      SSL: handshake failed: An unexpected TLS packet was received.
>>>>      (GNUTLS_E_UNEXPECTED_PACKET)
>>
>> I too see this problem after upgrading from openSuse 11.3 (via 11.4) to 12.1.
>>
>> <snip>
>>
>> What puzzles me is that running csync2 in stand-alone server mode (-ii or -iii) works well - the problem only occurs when being run through xinetd.
>> I really would like to limit csync2 to one interface though and have not yet found a way to do so in stand-alone mode.
>>
>> Can anyone shed some light on this?
>
> Csync2 not working in "xinetd" mode should be fixed by
> http://git.linbit.com/csync2.git
> specifically
> http://git.linbit.com/gitweb.cgi?p=csync2.git;a=commitdiff;h=e412200979d14c3fcbb233434905f0536943a306
>
> If not, let me know.
>

That patch is only good for csync2 2.x, whereas openSUSE is shipping 
csync2 1.34 (which spits less debug stuff out anyway, AFAICT).

Anyway, I've reproduced the problem on two openSUSE 12.1 VMs.  And I 
think I've fixed it, by (...drumroll...) uninstalling gnome-keyring on 
both systems.  Does this make *any* sense to anybody here?

Tobias, can you check if this works for you?  "zypper rm gnome-keyring" 
or equivalent on both/all systems, then "csync2 -x" again?

Thanks,

Tim
-- 
Tim Serong
Senior Clustering Engineer
SUSE
tserong at suse.com

