Hi,
I have a large base of csync2 setups on debian/squeeze.
Lately I am adding debian/wheezy, but the csync2 of wheezy denies
the connection from the squeeze version.
I set up the ssl like this:
yes ''|(openssl genrsa -out /etc/csync2_ssl_key.pem 1024
openssl req -new -key /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.csr
openssl x509 -req -days 600 -in /etc/csync2_ssl_cert.csr \
-signkey /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.pem)
This works great on squeeze. But wheezy seems to deny connections
from/to older versions:
This is part of a csync2 -TT <old> <new>
run on the old system:
> read(7, "-----BEGIN CERTIFICATE-----\nMIIC"..., 8192) = 757
> read(7, "", 4096) = 0
> close(7) = 0
> munmap(0x7fa2412dd000, 4096) = 0
> open("/etc/csync2_ssl_key.pem", O_RDONLY) = 7
> fstat(7, {st_mode=S_IFREG|0644, st_size=891, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x7fa2412dd000
> read(7, "-----BEGIN RSA PRIVATE KEY-----\n"..., 8192) = 891
> read(7, "", 4096) = 0
> close(7) = 0
> munmap(0x7fa2412dd000, 4096) = 0
> open("/etc/csync2_ssl_cert.pem", O_RDONLY) = 7
> fstat(7, {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x7fa2412dd000
> read(7, "-----BEGIN CERTIFICATE-----\nMIIC"..., 8192) = 757
> read(7, "", 4096) = 0
> close(7) = 0
> munmap(0x7fa2412dd000, 4096) = 0
> getrusage(RUSAGE_SELF, {ru_utime={0, 10000}, ru_stime={0, 0}, ...}) = 0
> times({tms_utime=1, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 4336147999
> getrusage(RUSAGE_SELF, {ru_utime={0, 10000}, ru_stime={0, 0}, ...}) = 0
> times({tms_utime=1, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 4336147999
> sendto(5,
> "\26\3\1\0P\1\0\0L\3\1P\376\212\252\234\10x'+\3541\370y\321\343\344\273\32\232\335\263"...,
> 85, 0, NULL, 0) = 85
> recvfrom(5, "\26\3\1\0J", 5, 0, NULL, NULL) = 5
> recvfrom(5,
> "\2\0\0F\3\1P\376\212\252D)\30\30P\256M\365\213f4\227U\263*\375I[\35\4\220l"...,
> 74, 0, NULL, NULL) = 74
> recvfrom(5, "\26\3\1\2\17", 5, 0, NULL, NULL) = 5
> recvfrom(5,
> "\v\0\2\v\0\2\10\0\2\0050\202\2\0010\202\1j\2\t\0\345\207\331\5\352\314\377R0\r\6"...,
> 527, 0, NULL, NULL) = 527
> recvfrom(5, "\26\3\1\0\233", 5, 0, NULL, NULL) = 5
> recvfrom(5,
> "\r\0\0\227\2\1\2\0\222\0G0E1\v0\t\6\3U\4\6\23\2AU1\0230\21\6\3"..., 155, 0,
> NULL, NULL) = 155
> recvfrom(5, "\26\3\1\0\4", 5, 0, NULL, NULL) = 5
> recvfrom(5, "\16\0\0\0", 4, 0, NULL, NULL) = 4
> sendto(5, "\26\3\1\0\7\v\0\0\3\0\0\0", 12, 0, NULL, 0) = 12
> getrusage(RUSAGE_SELF, {ru_utime={0, 10000}, ru_stime={0, 0}, ...}) = 0
> times({tms_utime=1, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 4336147999
> getrusage(RUSAGE_SELF, {ru_utime={0, 10000}, ru_stime={0, 0}, ...}) = 0
> times({tms_utime=1, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 4336147999
> sendto(5,
> "\26\3\1\0\206\20\0\0\202\0\200M\n\212\240\357\351mQ\202x\343\235:E<\24cp\374\3110"...,
> 139, 0, NULL, 0) = 139
> sendto(5, "\24\3\1\0\1\1", 6, 0, NULL, 0) = 6
This is the dump on the new, run with csync2 -ii:
> [pid 7142] read(5, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 891
> [pid 7142] read(5, "", 4096) = 0
> [pid 7142] close(5) = 0
> [pid 7142] munmap(0x7fd40de60000, 4096) = 0
> [pid 7142] open("/etc/csync2_ssl_cert.pem", O_RDONLY) = 5
> [pid 7142] fstat(5, {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
> [pid 7142] fstat(5, {st_mode=S_IFREG|0644, st_size=757, ...}) = 0
> [pid 7142] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
> -1, 0) = 0x7fd40de60000
> [pid 7142] lseek(5, 0, SEEK_CUR) = 0
> [pid 7142] read(5, "-----BEGIN CERTIFICATE-----\nMIIC"..., 4096) = 757
> [pid 7142] read(5, "", 4096) = 0
> [pid 7142] close(5) = 0
> [pid 7142] munmap(0x7fd40de60000, 4096) = 0
> [pid 7142] recvfrom(0, "\26\3\1\0P", 5, 0, NULL, NULL) = 5
> [pid 7142] recvfrom(0,
> "\1\0\0L\3\1P\376\212\252\234\10x'+\3541\370y\321\343\344\273\32\232\335\263\177\r\330\371F"...,
> 80, 0, NULL, NULL) = 80
> [pid 7142] getrusage(RUSAGE_SELF, {ru_utime={0, 0}, ru_stime={0, 0}, ...}) = > 0
> [pid 7142] times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) =
> 4329903491
> [pid 7142] getrusage(RUSAGE_SELF, {ru_utime={0, 0}, ru_stime={0, 0}, ...}) = > 0
> [pid 7142] times({tms_utime=0, tms_stime=0, tms_cutime=0, tms_cstime=0}) =
> 4329903491
> [pid 7142] brk(0x1da6000) = 0x1da6000
> [pid 7142] brk(0x1d9e000) = 0x1d9e000
> [pid 7142] writev(1,
> [{"\26\3\1\0J\2\0\0F\3\1P\376\212\252D)\30\30P\256M\365\213f4\227U\263*\375I"...,
> 79},
> {"\26\3\1\2\17\v\0\2\v\0\2\10\0\2\0050\202\2\0010\202\1j\2\t\0\345\207\331\5\352\314"...,
> 532}, {"\26\3\1\0\233\r\0\0\227\2\1\2\0\222\0G0E1\v0\t\6\3U\4\6\23\2AU1"...,
> 160}, {"\26\3\1\0\4\16\0\0\0", 9}], 4) = 780
> [pid 7142] recvfrom(0, "\26\3\1\0\7", 5, 0, NULL, NULL) = 5
> [pid 7142] recvfrom(0, "\v\0\0\3\0\0\0", 7, 0, NULL, NULL) = 7
> [pid 7142] write(2, "<7142> ", 7) = 7
> [pid 7142] write(2, "Establishing SSL connection fail"..., 36) = 36
> [pid 7142] exit_group(1) = ?
> Process 7142 detached
I hope anyone has a clue what's wrong here :-(.
Regards,
Ard
_______________________________________________
Csync2 mailing list
Csync2@lists.linbit.com
http://lists.linbit.com/mailman/listinfo/csync2
