LISTSERV 16.5 - XROOTD-DEV Archives

Hi Cedric,

Yjis is an issue with the root CA which is causing cert validati9on to 
fail. If you seach for "unknown ca:s3_pkt.c:1493" you will many issues 
similar, if not identical, to this along with possible solutions. The 
particular solution is dependint on how the certs were issued.

Andy


On Mon, 12 Sep 2022, ccaffy wrote:

> Hi @abh3 ,
>
> Many thanks for your answer. I removed that `xrd.port tls 1095` directive. It indeed did not work. Now I still have the problem of the server having a TLS error when I use `roots`:
>
> ```
> 220912 09:48:46 7273 ***@***.*** TLS_Accept: Accepting a TLS connection...
> 220912 09:48:46 7273 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0.
> 220912 09:48:46 7273 XrdTLS: ***@***.*** 140102374799104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48
>
> 220912 09:48:46 7273 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl
> 220912 09:48:46 7273 XrootdXeq: Unable to enable TLS for ***@***.***
> 220912 09:48:46 7286 ***@***.*** TLS_Accept: Accepting a TLS connection...
> 220912 09:48:46 7273 XrootdXeq: ***@***.*** disc 0:00:00
> 220912 09:48:46 7286 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0.
> 220912 09:48:46 7286 XrdTLS: ***@***.*** 140102338623232:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48
>
> 220912 09:48:46 7286 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl
> 220912 09:48:46 7286 XrootdXeq: Unable to enable TLS for ***@***.***
> 220912 09:48:46 7286 XrootdXeq: ***@***.*** disc 0:00:00
> ```
>
> Again, no problem with HTTP with the following curl command:
>
> ```
> curl -v -X GET https://localhost:1096/tmp/testFile 2>&1 >/dev/null
> ```
>
> Thanks again!
>
> -- 
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/pull/1778#issuecomment-1243350277
> You are receiving this because you were mentioned.
>
> Message ID: ***@***.***>


-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1778#issuecomment-1274236262
You are receiving this because you are subscribed to this thread.

Message ID: <[log in to unmask]>

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1