[Csync2] SSL Handshake Problem
Lars Ellenberg
lars.ellenberg at linbit.com
Mon Feb 27 15:13:10 CET 2012
On Mon, Feb 27, 2012 at 10:40:33PM +1100, Tim Serong wrote:
> On 02/24/2012 08:56 PM, Lars Ellenberg wrote:
> >On Fri, Feb 24, 2012 at 08:06:38AM +0000, Tobias Meyer wrote:
> >>Hello List,
> >>
> >>I found this thread on the archive:
> >>
> >>>On 01/13/2012 04:16 AM, Mike Young wrote:
> >>>>Hi,
> >>>>
> >>>>I am trying to configure csync2 on a couple of OpenSuse 12.1 nodes, but
> >>>>I'm having a problem with respect to TLS handshaking. I've added an
> >>>>entry to /etc/services as was required in the Csync paper (csync2
> >>>>30865/tcp # Csync2 service) and I've configured xinetd to enable the
> >>>>service. The service appears to start without any issues, until I
> >>>>actually perform a "csync2 xv" operation. Then I get the following
> >>>>error:
> >>>>
> >>>> node1:/etc/csync2 # csync2 -xv
> >>>> Connecting to host node2 (SSL) ...
> >>>> WARNING: no socket to connect to
> >>>> Received record packet of unknown type 87
> >>>> SSL: handshake failed: An unexpected TLS packet was received.
> >>>> (GNUTLS_E_UNEXPECTED_PACKET)
> >>
> >>I too see this problem after upgrading from openSuse 11.3 (via 11.4) to 12.1.
> >>
> >><snip>
> >>
> >>What puzzels me is, that running csync2 in stand-alone server mode (-ii or -iii) works well - the problem only occurs when beeing run through xinetd.
> >>I really would like to limit csync2 to one interface though and have not yet found a way to do so in stand-alone mode.
> >>
> >>Can anyone shed some light on this?
> >
> >Csync2 not working in "xinetd" mode should be fixed by
> >http://git.linbit.com/csync2.git
> >specifically
> >http://git.linbit.com/gitweb.cgi?p=csync2.git;a=commitdiff;h=e412200979d14c3fcbb233434905f0536943a306
> >
> >If not, let me know.
> >
>
> That patch is only good for csync2 2.x, whereas openSUSE is shipping
> csync2 1.34 (which spits less debug stuff out anyway, AFAICT).
>
> Anyway, I've reproduced the problem on two openSUSE 12.1 VMs. And I
> think I've fixed it, by (...drumroll...) uninstalling gnome-keyring
> on both systems. Does this make *any* sense to anybody here?
WTF?
And how did you come up with that?
Personal dislike of gnome-keyring? ;)
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
More information about the Csync2
mailing list