This is not a "minor" bug, it's a show-stopper that prevents the package from working. I'm adding a lot more detail here in the hopes that a) someone will make the trivial fix and b) to provide search engines more detail in the meantime (it'd be really nice if I'd found this bug about 3 hours ago)...

Reported upstream at http://lists.boxbackup.org/pipermail/boxbackup/2011-January/006126.html and I just re-reported it more-or-less as below at http://lists.boxbackup.org/pipermail/boxbackup/2011-January/006133.html.


Package: boxbackup-server
Version: 0.11~rc2-5
Severity: normal

$ apt-cache policy boxbackup-server
boxbackup-server:
  Installed: 0.11~rc2-5
  Candidate: 0.11~rc2-5
  Version table:
 *** 0.11~rc2-5 0
        500 http://ftp.us.debian.org lenny/main Packages
        100 /var/lib/dpkg/status

Linux drake 2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686 GNU/Linux


PROBLEM:
--------
I got the client connecting to the server, but then I got:

SERVER:
Jan 8 04:17:33 angstrom Box Backup (bbstored)[30573]: WARNING: Message from child process 31672: Incoming connection from 192.168.99.11 port 46789
Jan 8 04:17:33 angstrom Box Backup (bbstored)[31672]: ERROR: SSL error during Accept: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
Jan 8 04:17:33 angstrom Box Backup (bbstored)[31672]: WARNING: Exception thrown: ConnectionException(Conn_TLSHandshakeFailed) at SocketStreamTLS.cpp(245)
Jan 8 04:17:33 angstrom Box Backup (bbstored)[31672]: ERROR: Error in child process, terminating connection: exception Connection TLSHandshakeFailed(7/30)

CLIENT:
Jan 8 04:17:33 drake Box Backup (bbackupd)[3419]: NOTICE: Beginning scan of local files
Jan 8 04:17:33 drake Box Backup (bbackupd)[3419]: ERROR: SSL error during Connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Jan 8 04:17:33 drake Box Backup (bbackupd)[3419]: WARNING: Exception thrown: ConnectionException(Conn_TLSHandshakeFailed) at SocketStreamTLS.cpp(250)
Jan 8 04:17:33 drake Box Backup (bbackupd)[3419]: WARNING: Suppressing duplicate notification about backup-error
Jan 8 04:17:33 drake Box Backup (bbackupd)[3419]: ERROR: Exception caught (Connection TLSHandshakeFailed 7/30), reset state and waiting to retry...
Jan 8 04:17:43 drake Box Backup (bbackupd)[3419]: NOTICE: File statistics: total file size uploaded 0, bytes already on server 0, encoded size 0


Since "sslv3 alert certificate expired" is kind of a clue, I started looking at the *.pem files. I'm guessing "notAfter=Apr 20 02:52:13 1902 GMT" is a Bad Thing...

# for cert in ca/roots/*.pem; do echo $cert; openssl x509 -in $cert -dates -noout; done
ca/roots/clientCA.pem
notBefore=Jan  8 09:20:29 2011 GMT
notAfter=Apr 20 02:52:13 1902 GMT
ca/roots/serverCA.pem
notBefore=Jan  8 09:20:30 2011 GMT
notAfter=Apr 20 02:52:14 1902 GMT


I tried an 'rm -rf ca' and 'bbstored-certs ca init' on two different machines and I got the same thing. The client and server are both using NTP and time is correct on both.



WORK-AROUND:
1) Edit /usr/bin/bbstored-certs and change that line to read as follows:
        my $root_sign_period = '8888';
2) Re-create your CA and re-sign your certs.

Mine look like this now, and the client and server are (finally) talking:
ca/roots/clientCA.pem
notBefore=Jan  8 09:58:03 2011 GMT
notAfter=May 10 09:58:03 2035 GMT
ca/roots/serverCA.pem
notBefore=Jan  8 09:58:04 2011 GMT
notAfter=May 10 09:58:04 2035 GMT


REAL FIX:
I'm not sure. Figure out if it's bbstored-certs or openssl that is messing up and fix that. Worst case, adjust bbstored-certs as per my work-around.

Note I had this problem on 2 32-bit machines, 64-bit not tested and might (hopefully?) be better.
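
Added example, not part of the original report: a Python check that parses the `openssl x509 -dates -noout` listing in the format shown above and flags any certificate whose notAfter is not later than its notBefore, the symptom seen in the broken CA files. The function names and the fixed clock value are assumptions; the sample listing is constructed from dates quoted in the report.

```python
from datetime import datetime, timezone

# Constructed sample in the format printed by the loop in the report
# (echo $cert; openssl x509 -in $cert -dates -noout), using dates quoted there.
SAMPLE = """\
ca/roots/clientCA.pem
notBefore=Jan  8 09:20:29 2011 GMT
notAfter=Apr 20 02:52:13 1902 GMT
ca/roots/serverCA.pem
notBefore=Jan  8 09:58:04 2011 GMT
notAfter=May 10 09:58:04 2035 GMT
"""

def parse_date(value):
    # openssl prints e.g. "Jan  8 09:20:29 2011 GMT"; treat it as UTC.
    dt = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y %Z")
    return dt.replace(tzinfo=timezone.utc)

def parse_listing(text):
    """Map each certificate path to its notBefore/notAfter datetimes."""
    certs, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, value = line.partition("=")
        if sep and key in ("notBefore", "notAfter"):
            if current is None:
                raise ValueError("date line before any certificate name")
            certs[current][key] = parse_date(value)
        else:
            current = line          # a file name line starts a new record
            certs[current] = {}
    return certs

def check_validity(text, now):
    """Return {path: problem} for certificates with an unusable validity window."""
    problems = {}
    for path, dates in parse_listing(text).items():
        nb, na = dates.get("notBefore"), dates.get("notAfter")
        if nb is None or na is None:
            problems[path] = "missing date"
        elif na <= nb:
            problems[path] = "notAfter not later than notBefore"
        elif not nb <= now <= na:
            problems[path] = "outside validity window"
    return problems

if __name__ == "__main__":
    now = datetime(2011, 1, 8, 10, 0, tzinfo=timezone.utc)  # constructed clock
    for path, problem in check_validity(SAMPLE, now).items():
        print(f"{path}: {problem}")
```

Running a check like this right after creating or re-creating the CA catches a bad validity window before any client or server certificates are signed against it.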






