Package: jetty9 Version: 9.4.15-1 Severity: important Hi.
The update (libjetty9-java and libjetty9-extra-java) to 9.4.15-1 broke our puppetdb setup; a downgrade to 9.4.14-1 fixes the issue. I can't see any (new/useful/related) error message in the puppetdb log. The error message from our puppetmaster is: Error connecting to puppet-db.XXX on 8081 at route /pdb/cmd/v1?..., error message received was 'SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate unknown'. Failing over to the next PuppetDB server_url in the 'server_urls' list openssl s_client -quiet ... shows: --- depth=1 CN = Puppet CA: puppetmaster.XXX verify return:1 depth=0 CN = puppet-db.XXX verify return:1 139863914905664:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:../ssl/record/rec_layer_s3.c:1407:SSL alert number 46 --- (The same s_client call works with a jetty downgrade to 9.4.14-1, so the client certificate arguments should be good.) --- Installed jetty and puppet packages: ii libjetty9-extra-java 9.4.15-1 all Java servlet engine and webserver -- extra libraries ii libjetty9-java 9.4.15-1 all Java servlet engine and webserver -- core libraries ii libtrapperkeeper-webserver-jetty9-clojure 1.7.0-2 all trapperkeeper webserver service ii libpuppetlabs-http-client-clojure 0.9.0-1 all Clojure wrapper around libhttpasyncclient-java ii libpuppetlabs-i18n-clojure 0.8.0-1 all Clojure i18n library ii libpuppetlabs-ring-middleware-clojure 1.0.0-2 all common Ring middleware for Puppet projects ii puppet 5.5.10-1 all configuration management system ii puppetdb 6.2.0-3 all Puppet data warehouse --- cheers, Stefan -- Stefan Bühler Mail/xmpp: stefan.bueh...@tik.uni-stuttgart.de Netze und Kommunikationssysteme der Universität Stuttgart (NKS) https://www.tik.uni-stuttgart.de/ Telefon: +49 711 685 60854
