On Feb 11, 2013, at 8:34 PM, Alex Harvey wrote: > For the sake of the archives (and not sure how useful this will be in the > archives but...) I'll post in plaintext what I see on my screen and then send > you a PCAP file privately.
The way I turned this into meaningful decode was with wireshark/tshark: [eric@glitch.local ~/Downloads]% tshark -n -d tcp.port==8140,ssl -r aix-ssl.pcap -R ssl 4 0.001309 10.10.38.200 -> 10.10.47.48 SSLv2 171 Client Hello 6 0.049141 10.10.47.48 -> 10.10.38.200 TLSv1 1514 Server Hello 8 0.049158 10.10.47.48 -> 10.10.38.200 TLSv1 910 Certificate 10 0.049920 10.10.38.200 -> 10.10.47.48 TLSv1 73 Alert (Level: Fatal, Description: Unknown CA) it then repeats a few times. I suspect the underlying openssl implementation requires the ca certificate to be in the hash-dir format, and won't just use a single-file ca certificate. Can you point the `c_rehash` script from the openssl distribution at your puppet CA cert and see if that changes things? Eric Sorenson - eric.soren...@puppetlabs.com #puppet irc: eric0 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To post to this group, send email to puppet-dev@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-dev?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
