[Csync2] SSL Handshake Problem

Tobias Meyer tm at allocation.net
Mon Feb 27 13:28:29 CET 2012


I was about to try installing from source later this afternoon, but removing the gnome-keyring worked right ahead. 
Thanks a lot!

Tobias Meyer

Allocation Network GmbH
Senior Developer

Adresse: Stahlgruberring 22 | 81829 München | www.allocation.net
Geschäftsführung: Bernhard Soltmann | Andreas Vollmann | Andreas Prohaska
Sitz der Gesellschaft: München | HRB Nr. 122527 Amtsgericht München


-----Ursprüngliche Nachricht-----
Von: csync2-bounces at lists.linbit.com [mailto:csync2-bounces at lists.linbit.com] Im Auftrag von Tim Serong
Gesendet: Montag, 27. Februar 2012 12:41
An: csync2 at lists.linbit.com
Betreff: Re: [Csync2] SSL Handshake Problem

On 02/24/2012 08:56 PM, Lars Ellenberg wrote:
> On Fri, Feb 24, 2012 at 08:06:38AM +0000, Tobias Meyer wrote:
>> Hello List,
>>
>> I found this thread on the archive:
>>
>>> On 01/13/2012 04:16 AM, Mike Young wrote:
>>>> Hi,
>>>>
>>>> I am trying to configure csync2 on a couple of OpenSuse 12.1 nodes, 
>>>> but I'm having a problem with respect to TLS handshaking. I've 
>>>> added an entry to /etc/services as was required in the Csync paper 
>>>> (csync2 30865/tcp # Csync2 service) and I've configured xinetd to 
>>>> enable the service. The service appears to start without any 
>>>> issues, until I actually perform a "csync2 ­xv" operation. Then I 
>>>> get the following
>>>> error:
>>>>
>>>>      node1:/etc/csync2 # csync2 -xv
>>>>      Connecting to host node2 (SSL) ...
>>>>      WARNING: no socket to connect to
>>>>      Received record packet of unknown type 87
>>>>      SSL: handshake failed: An unexpected TLS packet was received.
>>>>      (GNUTLS_E_UNEXPECTED_PACKET)
>>
>> I too see this problem after upgrading from openSuse 11.3 (via 11.4) to 12.1.
>>
>> <snip>
>>
>> What puzzels me is, that running csync2 in stand-alone server mode (-ii or -iii) works well - the problem only occurs when beeing run through xinetd.
>> I really would like to limit csync2 to one interface though and have not yet found a way to do so in stand-alone mode.
>>
>> Can anyone shed some light on this?
>
> Csync2 not working in "xinetd" mode should be fixed by 
> http://git.linbit.com/csync2.git specifically
> http://git.linbit.com/gitweb.cgi?p=csync2.git;a=commitdiff;h=e41220097
> 9d14c3fcbb233434905f0536943a306
>
> If not, let me know.
>

That patch is only good for csync2 2.x, whereas openSUSE is shipping
csync2 1.34 (which spits less debug stuff out anyway, AFAICT).

Anyway, I've reproduced the problem on two openSUSE 12.1 VMs.  And I think I've fixed it, by (...drumroll...) uninstalling gnome-keyring on both systems.  Does this make *any* sense to anybody here?

Tobias, can you check if this works for you?  "zypper rm gnome-keyring" 
or equivalent on both/all systems, then "csync2 -x" again?

Thanks,

Tim
--
Tim Serong
Senior Clustering Engineer
SUSE
tserong at suse.com
_______________________________________________
Csync2 mailing list
Csync2 at lists.linbit.com
http://lists.linbit.com/mailman/listinfo/csync2


More information about the Csync2 mailing list