Well, according to the server log the error is "the certificate is not yet valid: the notBefore date is after the current time." (at least that'w what is implied). The failure occured at 230307 01:21:07 so, what was the "notBefore" date/time? I suppose that information is gone as its likely a proxy cert but if this is a scipt running the gfal copy then dumping out the cert when you get this error may tell us something. On Mon, 6 Mar 2023, Fabio Andrijauskas wrote: > Hi All, > > Anohter case: > > ``` > gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts > Mon Mar 6 18:21:12 PST 2023 > gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts > Mon Mar 6 18:21:12 PST 2023 > gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts > Mon Mar 6 18:21:14 PST 2023 > gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts > Mon Mar 6 18:21:14 PST 2023 > Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s > Mon Mar 6 18:21:16 PST 2023 > Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s > Mon Mar 6 18:21:16 PST 2023 > Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s > Mon Mar 6 18:21:18 PST 2023 > Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s > Mon Mar 6 18:21:18 PST 2023 > ``` > > > ``` > 230307 01:21:07 882 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -02 -120 -99 83 00 > 230307 01:21:07 882 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:07 882 ***@***.*** http_Protocol: This may look like https > 230307 01:21:07 882 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:07 882 http_Protocol: Reset > 230307 01:21:07 882 http_Req: XrdHttpReq request ended. > 230307 01:21:07 882 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:07 882 ***@***.*** Xrd_Poll: FD 43 attached to poller 0; num=1 > 230307 01:21:07 882 ***@***.*** http_Protocol: Process. lp:0x41ea260 reqstate: 0 > 230307 01:21:07 882 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:07 882 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:07 863 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:07 863 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:07 863 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 00 14 74 -37 00 > 230307 01:21:07 863 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:07 863 ***@***.*** http_Protocol: This may look like https > 230307 01:21:07 863 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:07 863 http_Protocol: Reset > 230307 01:21:07 863 http_Req: XrdHttpReq request ended. > 230307 01:21:07 863 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:07 863 ***@***.*** Xrd_Poll: FD 39 attached to poller 1; num=1 > 230307 01:21:07 863 ***@***.*** http_Protocol: Process. lp:0x41e9640 reqstate: 0 > 230307 01:21:07 863 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:07 863 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:07 884 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:07 884 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:07 884 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 52 -90 -90 -82 00 > 230307 01:21:07 884 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:07 884 ***@***.*** http_Protocol: This may look like https > 230307 01:21:07 884 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:07 884 http_Protocol: Reset > 230307 01:21:07 884 http_Req: XrdHttpReq request ended. > 230307 01:21:07 884 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:07 884 ***@***.*** Xrd_Poll: FD 47 attached to poller 2; num=1 > 230307 01:21:07 884 ***@***.*** http_Protocol: Process. lp:0x41eae80 reqstate: 0 > 230307 01:21:07 884 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:07 884 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:07 883 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:07 883 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:07 883 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -117 14 -49 118 00 > 230307 01:21:07 883 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:07 883 ***@***.*** http_Protocol: This may look like https > 230307 01:21:07 883 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:07 883 http_Protocol: Reset > 230307 01:21:07 883 http_Req: XrdHttpReq request ended. > 230307 01:21:07 883 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:07 883 ***@***.*** Xrd_Poll: FD 45 attached to poller 0; num=2 > 230307 01:21:07 883 ***@***.*** http_Protocol: Process. lp:0x41ea870 reqstate: 0 > 230307 01:21:07 883 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:07 883 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:07 862 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:07 862 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:07 862 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -34 -76 -122 -69 00 > 230307 01:21:07 862 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:07 862 ***@***.*** http_Protocol: This may look like https > 230307 01:21:07 862 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:07 862 http_Protocol: Reset > 230307 01:21:07 862 http_Req: XrdHttpReq request ended. > 230307 01:21:07 862 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:07 862 ***@***.*** Xrd_Poll: FD 37 attached to poller 1; num=2 > 230307 01:21:07 862 ***@***.*** http_Protocol: Process. lp:0x41e9030 reqstate: 0 > 230307 01:21:07 862 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:07 862 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:07 882 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.*** > 230307 01:21:07 863 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.*** > 230307 01:21:07 882 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1 > 230307 01:21:07 863 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1 > 230307 01:21:07 882 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid] > 230307 01:21:07 863 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid] > 230307 01:21:07 863 XrdTLS: CertVerify: 140198909929216:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE > > 230307 01:21:07 882 ***@***.*** http_Protocol: SSL_accept returned :-1 > 230307 01:21:07 863 ***@***.*** http_Protocol: SSL_accept returned :-1 > 140198776727296:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327: > 140198909929216:error:0B06F009:x509 certificate routines:X509_load_cert_file:PEM lib:by_file.c:152: > 140198909929216:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327: > 230307 01:21:07 863 http_Protocol: Cleanup > 230307 01:21:07 863 http_Protocol: Reset > 230307 01:21:07 884 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.*** > 230307 01:21:07 863 http_Req: XrdHttpReq request ended. > 230307 01:21:07 884 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1 > 230307 01:21:07 884 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid] > 230307 01:21:07 882 http_Protocol: Cleanup > 230307 01:21:07 863 ***@***.*** Xrd_Poll: Poller 1 removing FD 39 > 230307 01:21:07 882 http_Protocol: Reset > 230307 01:21:07 863 ***@***.*** Xrd_Poll: FD 39 detached from poller 1; num=1 > 230307 01:21:07 882 http_Req: XrdHttpReq request ended. > 230307 01:21:07 884 ***@***.*** http_Protocol: SSL_accept returned :-1 > 230307 01:21:07 882 ***@***.*** Xrd_Poll: Poller 0 removing FD 43 > 140198772524800:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327: > 230307 01:21:07 882 ***@***.*** Xrd_Poll: FD 43 detached from poller 0; num=1 > 230307 01:21:07 884 http_Protocol: Cleanup > 230307 01:21:07 884 http_Protocol: Reset > 230307 01:21:07 884 http_Req: XrdHttpReq request ended. > 230307 01:21:07 884 ***@***.*** Xrd_Poll: Poller 2 removing FD 47 > 230307 01:21:07 884 ***@***.*** Xrd_Poll: FD 47 detached from poller 2; num=0 > 230307 01:21:07 883 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.*** > 230307 01:21:07 883 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1 > 230307 01:21:07 883 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid] > 230307 01:21:07 883 ***@***.*** http_Protocol: SSL_accept returned :-1 > 140198774626048:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327: > 230307 01:21:07 883 http_Protocol: Cleanup > 230307 01:21:07 883 http_Protocol: Reset > 230307 01:21:07 883 http_Req: XrdHttpReq request ended. > 230307 01:21:07 883 ***@***.*** Xrd_Poll: Poller 0 removing FD 45 > 230307 01:21:07 883 ***@***.*** Xrd_Poll: FD 45 detached from poller 0; num=0 > 230307 01:21:07 862 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.*** > 230307 01:21:07 862 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1 > 230307 01:21:07 862 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid] > 230307 01:21:07 862 ***@***.*** http_Protocol: SSL_accept returned :-1 > 140198912030464:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327: > 230307 01:21:07 862 http_Protocol: Cleanup > 230307 01:21:07 862 http_Protocol: Reset > 230307 01:21:07 862 http_Req: XrdHttpReq request ended. > 230307 01:21:07 862 ***@***.*** Xrd_Poll: Poller 1 removing FD 37 > 230307 01:21:07 862 ***@***.*** Xrd_Poll: FD 37 detached from poller 1; num=0 > 230307 01:21:08 885 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:08 886 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:08 885 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:08 885 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 61 -85 -115 -46 00 > 230307 01:21:08 885 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:08 885 ***@***.*** http_Protocol: This may look like https > 230307 01:21:08 885 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:08 885 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:08 885 ***@***.*** Xrd_Poll: FD 49 attached to poller 0; num=1 > 230307 01:21:08 885 ***@***.*** http_Protocol: Process. lp:0x41eb490 reqstate: 0 > 230307 01:21:08 885 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:08 885 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:08 886 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:08 886 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -81 -82 -27 95 00 > 230307 01:21:08 886 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:08 886 ***@***.*** http_Protocol: This may look like https > 230307 01:21:08 886 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:08 886 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:08 886 ***@***.*** Xrd_Poll: FD 33 attached to poller 1; num=1 > 230307 01:21:08 886 ***@***.*** http_Protocol: Process. lp:0x41e8410 reqstate: 0 > 230307 01:21:08 886 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:08 886 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:08 863 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:08 863 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:08 863 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 22 82 10 28 00 > 230307 01:21:08 863 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:08 863 ***@***.*** http_Protocol: This may look like https > 230307 01:21:08 863 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:08 863 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:08 863 ***@***.*** Xrd_Poll: FD 35 attached to poller 2; num=1 > 230307 01:21:08 863 ***@***.*** http_Protocol: Process. lp:0x41e8a20 reqstate: 0 > 230307 01:21:08 863 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > 230307 01:21:08 863 ***@***.*** http_Protocol: Entering SSL_accept... > 230307 01:21:08 882 Xrd_Inet: Accepted connection on port 8443 from ***@***.*** > 230307 01:21:08 882 ***@***.*** http_Protocol: received dlen: 16 > 230307 01:21:08 882 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 33 -110 -22 -104 00 > 230307 01:21:08 882 ***@***.*** http_Protocol: This does not look like http at pos 0 > 230307 01:21:08 882 ***@***.*** http_Protocol: This may look like https > 230307 01:21:08 882 ***@***.*** http_Protocol: Protocol matched. https: True > 230307 01:21:08 882 Xrd_ProtLoad: matched port 8443 protocol http > 230307 01:21:08 882 ***@***.*** Xrd_Poll: FD 34 attached to poller 0; num=2 > 230307 01:21:08 882 ***@***.*** http_Protocol: Process. lp:0x41e8718 reqstate: 0 > 230307 01:21:08 882 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168] > > ``` > > -- > Reply to this email directly or view it on GitHub: > https://github.com/xrootd/xrootd/issues/1940#issuecomment-1457413663 > You are receiving this because you commented. > > Message ID: ***@***.***> -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1940#issuecomment-1457462040 You are receiving this because you commented. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1