I have a Puppet 3 agent attempting an agent run against a Puppet 4 master, but I 
am getting SSL errors. I'm out of Google-fu and I've verified certs and keys, 
run both sides in debug using puppetserver and the rack "puppet master 
--no-daemonize --verbose", and am not seeing anything that jumps out at me. I 
do notice that when running in DEBUG the puppetserver log doesn't spit output 
during the agent run.

The closest I can get to understanding this is Stack Overflow, but I'm not sure 
how I would tell the agent to use TLSv1.2.

http://stackoverflow.com/questions/25814210/opensslsslsslerror-ssl-connect-syscall-returned-5-errno-0-state-sslv3-read

Any hints on what these SSL errors are from and how I can fix this?

SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

[root@mail10c2 ~]# puppet --version
3.8.5
[root@mail10c2 ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@mail10c2 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@puppetmaster1stage ~]# rpm -q puppetserver
puppetserver-2.2.1-1.el6.noarch
[root@puppetmaster1stage ~]# /opt/puppetlabs/bin/puppet --version
4.3.2
[root@puppetmaster1stage ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@puppetmaster1stage ~]# /opt/puppetlabs/puppet/bin/openssl version
OpenSSL 1.0.2e 3 Dec 2015

I've verified the hostcert, hostpubkey, and localcacert as definitely belonging 
to each other using openssl. These files exist at the paths from "puppet config 
print". The localcacert is definitely the CA cert that both server and client 
use, by md5sum.

This is the output (that is definitely the --server in the server cert):

[root@mail10c2 util]# puppet agent --onetime --verbose --no-daemonize --no-splay --server puppetmaster1stage
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Info: Retrieving pluginfacts
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://puppetmaster1stage/pluginfacts: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://puppetmaster1stage/plugins: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20160205215603.GA24864%40iniquitous.heresiarch.ca.