[Spacewalk-list] question about tls verify osad client

Michiel van Es michiele at info.nl
Thu Jul 24 09:00:12 UTC 2008 

Hi,

I am trying to register my osad clients to the jabber services.
Bot hare CentOS 4 clients.

I installed the spacewalk cert in /usr/share/rhn/RHNS-CA-CERT but get on
one of the clients the following error:

Starting osad: --> <?xml version='1.0' encoding='UTF-8'?><stream:stream
to='devmx01.buro.info.nl' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>

<-- <features><starttls xmlns = 'urn:ietf:params:xml:ns:xmpp-tls'
><required /></starttls></features>

<-- <proceed />

Traceback caught:
Traceback (most recent call last):
  File "/usr/share/rhn/osad/jabber_lib.py", line 618, in connect
    ssl.do_handshake()
Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
verify failed')]

2008-07-07 02:08:01 osad._setup_config: Updating configuration
2008-07-07 02:08:01 osad._setup_config: Time drift 1500520
2008-07-07 02:08:01 osad._setup_config: Client name 7cf4e274dcb58128
2008-07-07 02:08:01 osad._setup_config: Shared key
0b4578c62887ff928d63c2480854f4d5b0db1e34
2008-07-07 02:08:01 jabber_lib.setup_connection: Connecting to
devmx01.buro.info.nl
2008-07-07 02:08:01 jabber_lib._get_jabber_client:
2008-07-07 02:08:01 jabber_lib._get_jabber_client: Connecting to
devmx01.buro.info.nl
2008-07-07 02:08:01 jabber_lib.__init__:
2008-07-07 02:08:01 jabber_lib.__init__:
2008-07-07 02:08:01 jabber_lib.check_cert: Loading cert <X509Name object
'/C=NL/ST=Noord Holland/L=Amsterdam/O=Info.nl
HF/OU=devmx01.buro.info.nl/CN=devmx01.buro.info.nl'>
2008-07-07 02:08:01 jabber_lib.connect:
2008-07-07 02:08:01 jabber_lib.connect: Attempting to connect
2008-07-07 02:08:01 jabber_lib.process: 300
2008-07-07 02:08:01 jabber_lib.process: before select(); timeout
299.999974012
2008-07-07 02:08:01 jabber_lib.process: select() returned
2008-07-07 02:08:01 jabber_lib._auth_dispatch: <features><starttls xmlns
= 'urn:ietf:params:xml:ns:xmpp-tls' ><required /></starttls></features>
2008-07-07 02:08:01 jabber_lib.connect: Connected
2008-07-07 02:08:01 jabber_lib.connect: Expecting features stanza, got:
<features><starttls xmlns = 'urn:ietf:params:xml:ns:xmpp-tls' ><required
/></starttls></features>
2008-07-07 02:08:01 jabber_lib.connect: starttls node
<starttls><required /></starttls>
2008-07-07 02:08:01 jabber_lib.process: None
2008-07-07 02:08:01 jabber_lib.process: before select(); timeout None
2008-07-07 02:08:01 jabber_lib.process: select() returned
2008-07-07 02:08:01 jabber_lib._auth_dispatch: <proceed />
2008-07-07 02:08:01 jabber_lib.connect: Expecting proceed stanza, got:
<proceed />
2008-07-07 02:08:01 jabber_lib.connect: Preparing for TLS handshake
                                                           [FAILED]

The TLS handshake is failing but I dont know why?

I have copied the /etc/sysconfig/rhn/up2date and
/etc/sysconfig/rhn/osad.conf from the working CentOS 4 client but still
the same above error.

The permissions on the /usr/share/rhn/RHNS-CA-CERT are correct.

Can someone help telling me where I made a mistake?

Kind regards,

Michiel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 506 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20080724/acb6334a/attachment.sig>

More information about the Spacewalk-list mailing list