Hi Cedric,

This is an issue with the root CA which is causing cert validation to
fail. If you search for "unknown ca:s3_pkt.c:1493" you will find many issues
similar, if not identical, to this along with possible solutions. The
particular solution is dependent on how the certs were issued.

Andy


On Mon, 12 Sep 2022, ccaffy wrote:

> Hi @abh3 ,
>
> Many thanks for your answer. I removed that `xrd.port tls 1095` directive. It indeed did not work. Now I still have the problem of the server having a TLS error when I use `roots`:
>
> ```
> 220912 09:48:46 7273 ***@***.*** TLS_Accept: Accepting a TLS connection...
> 220912 09:48:46 7273 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0.
> 220912 09:48:46 7273 XrdTLS: ***@***.*** 140102374799104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48
>
> 220912 09:48:46 7273 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl
> 220912 09:48:46 7273 XrootdXeq: Unable to enable TLS for ***@***.***
> 220912 09:48:46 7286 ***@***.*** TLS_Accept: Accepting a TLS connection...
> 220912 09:48:46 7273 XrootdXeq: ***@***.*** disc 0:00:00
> 220912 09:48:46 7286 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0.
> 220912 09:48:46 7286 XrdTLS: ***@***.*** 140102338623232:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48
>
> 220912 09:48:46 7286 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl
> 220912 09:48:46 7286 XrootdXeq: Unable to enable TLS for ***@***.***
> 220912 09:48:46 7286 XrootdXeq: ***@***.*** disc 0:00:00
> ```
>
> Again, no problem with HTTP with the following curl command:
>
> ```
> curl -v -X GET https://localhost:1096/tmp/testFile 2>&1 >/dev/null
> ```
>
> Thanks again!
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/pull/1778#issuecomment-1243350277
> You are receiving this because you were mentioned.
>
> Message ID: ***@***.***>
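An added example, not part of the thread or of XRootD's own code: a small decoder for the OpenSSL error lines in the quoted server log. It shows that `14094418` is an alert read from the peer, so the side that rejected the CA is the client connecting with `roots`, not the server. It assumes the packed error layout of OpenSSL 1.0.x/1.1.x (suggested by `s3_pkt.c`); the sample log and its host names are constructed.

```python
import re

# Constructed sample in the shape of the quoted server log (user/host are placeholders).
SAMPLE_LOG = """\
220912 09:48:46 7273 XrdTLS: user@host TLS error rc=0 ec=1 (error_ssl) errno=0.
220912 09:48:46 7273 XrdTLS: user@host 140102374799104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48
220912 09:48:46 7273 XrootdXeq: user@host disc 0:00:00
"""

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}

# OpenSSL encodes an alert received from the peer as reason = 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000

# error:<hex code>:<library>:<function>:<reason text>:<file>:<line>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+):([^:]+):(\d+)")

def decode_error(line):
    """Decode one OpenSSL error line, or return None if the line has none."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    # Assumed layout (OpenSSL 1.0.x/1.1.x): 8-bit lib, 12-bit func, 12-bit reason.
    reason = code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET if reason >= SSL_AD_REASON_OFFSET else None
    return {
        "lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": reason,
        "text": m.group(4), "source": f"{m.group(5)}:{m.group(6)}",
        "peer_alert": alert, "alert_name": CERT_ALERTS.get(alert),
    }

def analyze(log):
    """Return the decoded OpenSSL errors found in a multi-line log."""
    return [d for d in map(decode_error, log.splitlines()) if d]

if __name__ == "__main__":
    for d in analyze(SAMPLE_LOG):
        origin = "sent by peer" if d["peer_alert"] is not None else "raised locally"
        print(f"{d['source']} {d['text']!r}: alert {d['peer_alert']} "
              f"({d['alert_name']}), {origin}")
```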

