Well, according to the server log the error is "the certificate is not yet
valid: the notBefore date is after the current time." (at least that'w
what is implied). The failure occured at 230307 01:21:07 so, what was the
"notBefore" date/time? I suppose that information is gone as its likely a
proxy cert but if this is a scipt running the gfal copy then dumping out
the cert when you get this error may tell us something.
On Mon, 6 Mar 2023, Fabio Andrijauskas wrote:
> Hi All,
>
> Anohter case:
>
> ```
> gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts
> Mon Mar 6 18:21:12 PST 2023
> gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts
> Mon Mar 6 18:21:12 PST 2023
> gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts
> Mon Mar 6 18:21:14 PST 2023
> gfal-copy error: 13 (Permission denied) - Could not stat the source: Result (Neon): SSL handshake failed: sslv3 alert bad certificate after 1 attempts
> Mon Mar 6 18:21:14 PST 2023
> Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s
> Mon Mar 6 18:21:16 PST 2023
> Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s
> Mon Mar 6 18:21:16 PST 2023
> Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s
> Mon Mar 6 18:21:18 PST 2023
> Copying https://cf-ac-uk-cache.nationalresearchplatform.org:8443/user/ligo/test_access/access_ligo [DONE] after 0s
> Mon Mar 6 18:21:18 PST 2023
> ```
>
>
> ```
> 230307 01:21:07 882 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -02 -120 -99 83 00
> 230307 01:21:07 882 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:07 882 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:07 882 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:07 882 http_Protocol: Reset
> 230307 01:21:07 882 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 882 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:07 882 ***@***.*** Xrd_Poll: FD 43 attached to poller 0; num=1
> 230307 01:21:07 882 ***@***.*** http_Protocol: Process. lp:0x41ea260 reqstate: 0
> 230307 01:21:07 882 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:07 882 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:07 863 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:07 863 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:07 863 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 00 14 74 -37 00
> 230307 01:21:07 863 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:07 863 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:07 863 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:07 863 http_Protocol: Reset
> 230307 01:21:07 863 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 863 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:07 863 ***@***.*** Xrd_Poll: FD 39 attached to poller 1; num=1
> 230307 01:21:07 863 ***@***.*** http_Protocol: Process. lp:0x41e9640 reqstate: 0
> 230307 01:21:07 863 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:07 863 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:07 884 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:07 884 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:07 884 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 52 -90 -90 -82 00
> 230307 01:21:07 884 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:07 884 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:07 884 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:07 884 http_Protocol: Reset
> 230307 01:21:07 884 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 884 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:07 884 ***@***.*** Xrd_Poll: FD 47 attached to poller 2; num=1
> 230307 01:21:07 884 ***@***.*** http_Protocol: Process. lp:0x41eae80 reqstate: 0
> 230307 01:21:07 884 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:07 884 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:07 883 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:07 883 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:07 883 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -117 14 -49 118 00
> 230307 01:21:07 883 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:07 883 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:07 883 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:07 883 http_Protocol: Reset
> 230307 01:21:07 883 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 883 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:07 883 ***@***.*** Xrd_Poll: FD 45 attached to poller 0; num=2
> 230307 01:21:07 883 ***@***.*** http_Protocol: Process. lp:0x41ea870 reqstate: 0
> 230307 01:21:07 883 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:07 883 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:07 862 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:07 862 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:07 862 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -34 -76 -122 -69 00
> 230307 01:21:07 862 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:07 862 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:07 862 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:07 862 http_Protocol: Reset
> 230307 01:21:07 862 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 862 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:07 862 ***@***.*** Xrd_Poll: FD 37 attached to poller 1; num=2
> 230307 01:21:07 862 ***@***.*** http_Protocol: Process. lp:0x41e9030 reqstate: 0
> 230307 01:21:07 862 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:07 862 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:07 882 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.***
> 230307 01:21:07 863 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.***
> 230307 01:21:07 882 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
> 230307 01:21:07 863 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
> 230307 01:21:07 882 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid]
> 230307 01:21:07 863 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid]
> 230307 01:21:07 863 XrdTLS: CertVerify: 140198909929216:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
>
> 230307 01:21:07 882 ***@***.*** http_Protocol: SSL_accept returned :-1
> 230307 01:21:07 863 ***@***.*** http_Protocol: SSL_accept returned :-1
> 140198776727296:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327:
> 140198909929216:error:0B06F009:x509 certificate routines:X509_load_cert_file:PEM lib:by_file.c:152:
> 140198909929216:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327:
> 230307 01:21:07 863 http_Protocol: Cleanup
> 230307 01:21:07 863 http_Protocol: Reset
> 230307 01:21:07 884 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.***
> 230307 01:21:07 863 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 884 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
> 230307 01:21:07 884 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid]
> 230307 01:21:07 882 http_Protocol: Cleanup
> 230307 01:21:07 863 ***@***.*** Xrd_Poll: Poller 1 removing FD 39
> 230307 01:21:07 882 http_Protocol: Reset
> 230307 01:21:07 863 ***@***.*** Xrd_Poll: FD 39 detached from poller 1; num=1
> 230307 01:21:07 882 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 884 ***@***.*** http_Protocol: SSL_accept returned :-1
> 230307 01:21:07 882 ***@***.*** Xrd_Poll: Poller 0 removing FD 43
> 140198772524800:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327:
> 230307 01:21:07 882 ***@***.*** Xrd_Poll: FD 43 detached from poller 0; num=1
> 230307 01:21:07 884 http_Protocol: Cleanup
> 230307 01:21:07 884 http_Protocol: Reset
> 230307 01:21:07 884 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 884 ***@***.*** Xrd_Poll: Poller 2 removing FD 47
> 230307 01:21:07 884 ***@***.*** Xrd_Poll: FD 47 detached from poller 2; num=0
> 230307 01:21:07 883 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.***
> 230307 01:21:07 883 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
> 230307 01:21:07 883 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid]
> 230307 01:21:07 883 ***@***.*** http_Protocol: SSL_accept returned :-1
> 140198774626048:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327:
> 230307 01:21:07 883 http_Protocol: Cleanup
> 230307 01:21:07 883 http_Protocol: Reset
> 230307 01:21:07 883 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 883 ***@***.*** Xrd_Poll: Poller 0 removing FD 45
> 230307 01:21:07 883 ***@***.*** Xrd_Poll: FD 45 detached from poller 0; num=0
> 230307 01:21:07 862 XrdTLS: CertVerify: Cert verification failed for DN=/DC=org/DC=cilogon/C=US/O=LIGO/CN=Fabio Andrijauskas ***@***.***
> 230307 01:21:07 862 XrdTLS: CertVerify: Failing cert issuer=/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Silver CA 1
> 230307 01:21:07 862 XrdTLS: CertVerify: Error 9 at depth 0 [certificate is not yet valid]
> 230307 01:21:07 862 ***@***.*** http_Protocol: SSL_accept returned :-1
> 140198912030464:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3327:
> 230307 01:21:07 862 http_Protocol: Cleanup
> 230307 01:21:07 862 http_Protocol: Reset
> 230307 01:21:07 862 http_Req: XrdHttpReq request ended.
> 230307 01:21:07 862 ***@***.*** Xrd_Poll: Poller 1 removing FD 37
> 230307 01:21:07 862 ***@***.*** Xrd_Poll: FD 37 detached from poller 1; num=0
> 230307 01:21:08 885 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:08 886 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:08 885 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:08 885 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 61 -85 -115 -46 00
> 230307 01:21:08 885 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:08 885 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:08 885 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:08 885 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:08 885 ***@***.*** Xrd_Poll: FD 49 attached to poller 0; num=1
> 230307 01:21:08 885 ***@***.*** http_Protocol: Process. lp:0x41eb490 reqstate: 0
> 230307 01:21:08 885 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:08 885 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:08 886 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:08 886 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 -81 -82 -27 95 00
> 230307 01:21:08 886 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:08 886 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:08 886 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:08 886 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:08 886 ***@***.*** Xrd_Poll: FD 33 attached to poller 1; num=1
> 230307 01:21:08 886 ***@***.*** http_Protocol: Process. lp:0x41e8410 reqstate: 0
> 230307 01:21:08 886 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:08 886 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:08 863 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:08 863 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:08 863 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 22 82 10 28 00
> 230307 01:21:08 863 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:08 863 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:08 863 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:08 863 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:08 863 ***@***.*** Xrd_Poll: FD 35 attached to poller 2; num=1
> 230307 01:21:08 863 ***@***.*** http_Protocol: Process. lp:0x41e8a20 reqstate: 0
> 230307 01:21:08 863 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
> 230307 01:21:08 863 ***@***.*** http_Protocol: Entering SSL_accept...
> 230307 01:21:08 882 Xrd_Inet: Accepted connection on port 8443 from ***@***.***
> 230307 01:21:08 882 ***@***.*** http_Protocol: received dlen: 16
> 230307 01:21:08 882 ***@***.*** http_Protocol: received dump: 22 03 01 02 00 01 00 01 -04 03 03 33 -110 -22 -104 00
> 230307 01:21:08 882 ***@***.*** http_Protocol: This does not look like http at pos 0
> 230307 01:21:08 882 ***@***.*** http_Protocol: This may look like https
> 230307 01:21:08 882 ***@***.*** http_Protocol: Protocol matched. https: True
> 230307 01:21:08 882 Xrd_ProtLoad: matched port 8443 protocol http
> 230307 01:21:08 882 ***@***.*** Xrd_Poll: FD 34 attached to poller 0; num=2
> 230307 01:21:08 882 ***@***.*** http_Protocol: Process. lp:0x41e8718 reqstate: 0
> 230307 01:21:08 882 ***@***.*** http_Protocol: Setting host: [::ffff:131.215.113.168]
>
> ```
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/1940#issuecomment-1457413663
> You are receiving this because you commented.
>
> Message ID: ***@***.***>
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.
Message ID: <xrootd/xrootd/issues/1940/1457462040@github.com>
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/1940#issuecomment-1457462040",
"url": "https://github.com/xrootd/xrootd/issues/1940#issuecomment-1457462040",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
