Re: CUPS upgrade from Lenny to Squeeze breaks encryption - HELP
On Thu, 2010-07-29 at 10:17 +0200, Florian Kulzer wrote: On Thu, Jul 29, 2010 at 03:22:31 -0400, John A. Sullivan III wrote: On Thu, 2010-07-29 at 06:41 +, Camaleón wrote: On Thu, 29 Jul 2010 01:46:40 -0400, John A. Sullivan III wrote: Hello, all. We are in quite a pickle tonight - our CUPS printing is complete broken after an upgrade. The cups error_log is filled with Bad request line VCB from 172.x.x.1!' Printers do not appear in Gnome or OpenOffice and, even though they appear in KDE, they are unavailable. (...) I remember a similar thread: *** Help - CUPS printing stopped working http://lists.debian.org/debian-user/2010/07/msg00844.html *** So maybe you are hitting this bug? *** cups: https interface has SSL error (SSL received a record that exceeded the maximum permissible length) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590610 Yes, that looks like it and there does not appear to be a patch or workaround yet :( Both the older thread and the bug report show that an SSL error is encountered when an SSL connection to the CUPS web interface is attempted on the standard, unencrypted CUPS port (631). As far as I know, that is the normal behavior with 1.4.4. #590610 looks like misunderstanding or a user configuration error to me. Your problem might very well be a different issue. In your case, I would: - Use netstat on the cups server to check on which port it listens for the SSL connections. - Verify that the CUPS web interface works for an https connection to that port (not necessarily 631), first from the server itself and then from the client. - Try to specify the SSL port explicitly in all server URLs configured on the client. - If that does not help, use tcpdump or strace -enetwork to see exactly which connections on which ports the client is attempting when it tries to print a document. Note: I do not use encrypted CUPS connections myself, so the above advice involves some guesswork. I don't know on which port(s) CUPS printing (as opposed to the CUPS web interface) negotiates encrypted connections. Maybe some changes of the procedure were introduced in the newer CUPS version, so I would also have a look at the changelog with that in mind. Thanks very much. I thought the idea of user error very possible as I am by no means a CUPS expert. In the past, we have used the same port for encrypted and unencrypted traffic. So I tried to specify a different port for SSL with SSLListen only to have CUPS not accept it and issue an unknown directive error. After a bit of searching, I see in the cups 1.2b1 release notes: The scheduler now automatically detects SSL/TLS clients without using the SSLPort/SSLListen directives. That was our previous experience anyway. So I am assuming this is a new bug. Any other ideas? Thanks again - John -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1280591253.3342.3.ca...@localhost
Re: CUPS upgrade from Lenny to Squeeze breaks encryption - HELP
On Thu, 29 Jul 2010 01:46:40 -0400, John A. Sullivan III wrote: Hello, all. We are in quite a pickle tonight - our CUPS printing is complete broken after an upgrade. The cups error_log is filled with Bad request line VCB from 172.x.x.1!' Printers do not appear in Gnome or OpenOffice and, even though they appear in KDE, they are unavailable. (...) I remember a similar thread: *** Help - CUPS printing stopped working http://lists.debian.org/debian-user/2010/07/msg00844.html *** So maybe you are hitting this bug? *** cups: https interface has SSL error (SSL received a record that exceeded the maximum permissible length) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590610 *** Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2010.07.29.06.41...@gmail.com
Re: CUPS upgrade from Lenny to Squeeze breaks encryption - HELP
On Thu, 2010-07-29 at 06:41 +, Camaleón wrote: On Thu, 29 Jul 2010 01:46:40 -0400, John A. Sullivan III wrote: Hello, all. We are in quite a pickle tonight - our CUPS printing is complete broken after an upgrade. The cups error_log is filled with Bad request line VCB from 172.x.x.1!' Printers do not appear in Gnome or OpenOffice and, even though they appear in KDE, they are unavailable. (...) I remember a similar thread: *** Help - CUPS printing stopped working http://lists.debian.org/debian-user/2010/07/msg00844.html *** So maybe you are hitting this bug? *** cups: https interface has SSL error (SSL received a record that exceeded the maximum permissible length) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590610 *** Greetings, -- Camaleón Yes, that looks like it and there does not appear to be a patch or workaround yet :( -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1280388151.3523.9.ca...@localhost
Re: CUPS upgrade from Lenny to Squeeze breaks encryption - HELP
On Thu, Jul 29, 2010 at 03:22:31 -0400, John A. Sullivan III wrote: On Thu, 2010-07-29 at 06:41 +, Camaleón wrote: On Thu, 29 Jul 2010 01:46:40 -0400, John A. Sullivan III wrote: Hello, all. We are in quite a pickle tonight - our CUPS printing is complete broken after an upgrade. The cups error_log is filled with Bad request line VCB from 172.x.x.1!' Printers do not appear in Gnome or OpenOffice and, even though they appear in KDE, they are unavailable. (...) I remember a similar thread: *** Help - CUPS printing stopped working http://lists.debian.org/debian-user/2010/07/msg00844.html *** So maybe you are hitting this bug? *** cups: https interface has SSL error (SSL received a record that exceeded the maximum permissible length) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590610 Yes, that looks like it and there does not appear to be a patch or workaround yet :( Both the older thread and the bug report show that an SSL error is encountered when an SSL connection to the CUPS web interface is attempted on the standard, unencrypted CUPS port (631). As far as I know, that is the normal behavior with 1.4.4. #590610 looks like misunderstanding or a user configuration error to me. Your problem might very well be a different issue. In your case, I would: - Use netstat on the cups server to check on which port it listens for the SSL connections. - Verify that the CUPS web interface works for an https connection to that port (not necessarily 631), first from the server itself and then from the client. - Try to specify the SSL port explicitly in all server URLs configured on the client. - If that does not help, use tcpdump or strace -enetwork to see exactly which connections on which ports the client is attempting when it tries to print a document. Note: I do not use encrypted CUPS connections myself, so the above advice involves some guesswork. I don't know on which port(s) CUPS printing (as opposed to the CUPS web interface) negotiates encrypted connections. Maybe some changes of the procedure were introduced in the newer CUPS version, so I would also have a look at the changelog with that in mind. -- Regards,| Florian | -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100729081737.ga27...@bavaria.univ-lyon1.fr
CUPS upgrade from Lenny to Squeeze breaks encryption - HELP
Hello, all. We are in quite a pickle tonight - our CUPS printing is complete broken after an upgrade. The cups error_log is filled with Bad request line VCB from 172.x.x.1!' Printers do not appear in Gnome or OpenOffice and, even though they appear in KDE, they are unavailable. All clients are set to Encryption Always in /etc/cups/client.conf. If we comment out that line, all works. The server side certs and keys are present and valid and set to default names in /etc/cups/ssl. We were noticing persistent but non-fatal errors about SSL shutdown failed: Error in the push function. So we decided to do a simple apt-get upgrade on the CUPS server. This upgraded libcups2. For obscure reasons, we were running libcups2 from Squeeze but cups from Lenny. This upgrade broke cups. CUPS could not start and failed with a missing library call. Thus, we upgraded cups to Squeeze. That's when we hit this problem. What happened and how do we fix it before morning? Thanks - John -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1280382400.3523.8.ca...@localhost
