Bug#445906: boinc-client: SSL fails with ca-bundle.crt linked to ca-certificates

Frank S. Thomas Tue, 09 Oct 2007 16:41:37 -0700

tags 445906 + unreproducible
thanks

Hi Greg,


On Tuesday 09 October 2007, Greg Norris wrote:
> Package: boinc-client
> Version: 5.10.8-2
> Severity: normal
>
> With the supplied ~boinc/ca-bundle.crt, which is a symlink to
> /etc/ssl/certs/ca-certificates.crt, boinc-client is unable to
> communicate with the World Community Grid project (which requires SSL).
> The logfile shows the following error messages: 

> 2007-10-05 20:21:50 [World Community Grid] Scheduler request failed: Peer 
> certificate cannot be
> authenticated with known CA certificates 

> After replacing the symlink with ca-bundle.crt from upstream, everything
> works as expected.

I've now done what I've should done first, I attached WCG to my client
and everything seems work as expected. The client was able to download
WCG's application and is now running the [EMAIL PROTECTED] After enabling
HTTP debugging messages in /etc/boinc_client/cc_config.xml, the client
reports now the following about SSL while ca-bundle.crt still points to
/etc/ssl/certs/ca-certificates.crt:

2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: About to connect() to 
secure.worldcommunitygrid.org port 443 (#0)
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info:   Trying 129.33.89.133... 
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: About to connect() to 
secure.worldcommunitygrid.org port 443 (#1)
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info:   Trying 129.33.89.133... 
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: Connected to 
secure.worldcommunitygrid.org (129.33.89.133) port 443 (#0)
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: successfully set 
certificate verify locations:
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info:   CAfile: ca-bundle.crt
  CApath: none
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv2, Client hello (1):
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: Connected to 
secure.worldcommunitygrid.org (129.33.89.133) port 443 (#1)
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: successfully set 
certificate verify locations:
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info:   CAfile: ca-bundle.crt
  CApath: none
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: SSLv2, Client hello (1):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS handshake, 
Server hello (2):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS handshake, CERT 
(11):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS handshake, 
Server finished (14):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS handshake, 
Client key exchange (16):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS change cipher, 
Client hello (1):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS handshake, 
Finished (20):
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: SSLv3, TLS handshake, 
Server hello (2):
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: SSLv3, TLS handshake, CERT 
(11):
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: SSLv3, TLS handshake, 
Server finished (14):
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: SSLv3, TLS handshake, 
Client key exchange (16):
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: SSLv3, TLS change cipher, 
Client hello (1):
2007-10-10 01:16:29 [---] [http_debug] [ID#13] info: SSLv3, TLS handshake, 
Finished (20):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS change cipher, 
Client hello (1):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSLv3, TLS handshake, 
Finished (20):
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSL connection using 
AES256-SHA
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: Server certificate:
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info:     subject: 
/C=US/O=Argonne National Laboratory/OU=MCS Division, Argonne National 
Laboratory/CN=secure.worldcommunitygrid.org
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info:     start date: 2006-10-04 
21:06:55 GMT
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info:     expire date: 
2008-10-15 21:38:33 GMT
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info:     common name: 
secure.worldcommunitygrid.org (matched)
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info:     issuer: 
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits 
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server 
Certification Authority
2007-10-10 01:16:29 [---] [http_debug] [ID#12] info: SSL certificate verify ok.

Could you please enable http_debug in your cc_config.xml by setting the
value of the http_debug element to 1, restart the client and then post
the relevant debugging messages from ~boinc/stdoutdae.txt.

Thanks and regards,
Frank
-- 
  ,''`.  Frank S. Thomas <[EMAIL PROTECTED]>
 : :' :  http://frank.thomas-alfeld.de
 `. `'   GPG Key ID: 0xDC426429
   `-

signature.asc
Description: This is a digitally signed message part.

Bug#445906: boinc-client: SSL fails with ca-bundle.crt linked to ca-certificates

Reply via email to