Hi, I have problem with seting up tls connection between bconsole and director.

I use certificates and keys from bareos regresion github repo:
https://github.com/bareos/bareos-regress/tree/master/configs/BASE/tls 

My console and Director versions are the same:
bconsole, director - 17.2.4, installed from official ubuntu packages.

Director successfully connects to client and storage daemon using TLS. Jobs 
also works, I can make catalog backup using webui. Problem is only between 
console and director.


director configuration (/etc/bareos/bareos-dir.d/director/bareos-dir.conf):
```
Director {                            # define myself
  Name = dir-1
  QueryFile = "/usr/lib/bareos/scripts/query.sql"
  Maximum Concurrent Jobs = 10
  Password = "test123"
  Messages = Daemon
  Auditing = yes

  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /bareos-regress/tls/bareos-ca.pem
  TLS Certificate = /bareos-regress/tls/bareos-dir.bareos.org-cert.pem
  TLS Key = /bareos-regress/tls/bareos-dir.bareos.org-key.pem
  TLS Verify Peer = yes
  TLS Allowed CN = "console.bareos.org"
}
```

console configuration (/etc/bareos/bconsole.conf);
```
Director {
  Name = dir-1
  DIRport = 9101
  Address = director.example.com
  Password = "test123"

  TLS Authenticate = yes
  TLS Enable = yes
  TLS Require = yes
  TLS CA Certificate File = /bareos-regress/tls/bareos-ca.pem
  TLS Certificate = /bareos-regress/tls/console.bareos.org-cert.pem
  TLS Key = /bareos-regress/tls/console.bareos.org-key.pem
  TLS Verify Peer = yes
  TLS Allowed CN = "bareos-dir.bareos.org"
}
```

Console logs:
```
sudo bconsole -d 200
bconsole (100): parse_conf.c:151-0 config file = /etc/bareos/bconsole.conf
bconsole (100): lex.c:333-0 glob /etc/bareos/bconsole.conf: 1 files
bconsole (100): lex.c:227-0 open config file: /etc/bareos/bconsole.conf
bconsole (100): lex.c:333-0 glob /etc/bareos/bconsole.conf: 1 files
bconsole (100): lex.c:227-0 open config file: /etc/bareos/bconsole.conf
Connecting to Director 127.0.0.1:9101
bconsole (100): bsock_tcp.c:230-0 Current host[ipv4;127.0.0.1;9101]  All 
host[ipv4;127.0.0.1;9101] 
bconsole (100): bsock_tcp.c:153-0 who=Director daemon host=127.0.0.1 port=9101
bconsole (100): cram-md5.c:123-0 cram-get received: auth cram-md5 
<462364060.1517761300@dir-1> ssl=2
bconsole (99): cram-md5.c:143-0 sending resp to challenge: 
hw/r0SJ0tWkEY+RlGG4OYC
bconsole (50): cram-md5.c:75-0 send: auth cram-md5 
<673735027.1517761300@bconsole> ssl=2
bconsole (50): cram-md5.c:94-0 Authenticate OK Wm/2z9/hm8/hL9/2H4YwCB
bconsole (120): tls_openssl.c:640-0 comparing CNs: 
cert-cn=bareos-dir.bareos.org, allowed-cn=bareos-dir.bareos.org
bconsole (50): bnet.c:202-0 TLS client negotiation established.
bconsole (6): bsock.c:269-0 >dird: 1000 OK auth
Bad response to Hello command: ERR=No data available
The Director at "127.0.0.1:9101" is probably not running.
```

director logs (bareos-dir -d 200 -f):
```
dir-1 (110): socket_server.c:87-0 Conn: Hello *UserAgent* calling
dir-1 (100): storage.c:146-0 wstorage=sd-1
dir-1 (100): storage.c:155-0 wstore=sd-1 where=Job resource
dir-1 (100): job.c:1484-0 JobId=0 created Job=-Console-.2018-02-04_16.21.40_30
dir-1 (50): cram-md5.c:68-0 send: auth cram-md5 <462364060.1517761300@dir-1> 
ssl=2
dir-1 (100): cram-md5.c:123-0 cram-get received: auth cram-md5 
<673735027.1517761300@bconsole> ssl=2
dir-1 (99): cram-md5.c:143-0 sending resp to challenge: Wm/2z9/hm8/hL9/2H4YwCB
dir-1 (120): tls_openssl.c:640-0 comparing CNs: cert-cn=console.bareos.org, 
allowed-cn=console.bareos.org
dir-1 (50): bnet.c:147-0 TLS server negotiation established.
dir-1 (200): job.c:1525-0 Start dird free_jcr
dir-1 (200): job.c:1589-0 End dird free_jcr
dir-1 (200): scheduler.c:326-0 enter find_runs()
```

I don't know whats wrong, it said that "TLS client negotiation established." 
but later there is error "No data available".

-- 
You received this message because you are subscribed to the Google Groups 
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to bareos-users+unsubscr...@googlegroups.com.
To post to this group, send email to bareos-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to