Bug #15448
closed
OpenSSL Error: SSLv3 read client certificate A
Added by Jérôme LEBEAU about 8 years ago.
Updated about 7 years ago.
Description
Ubuntu 14.04
Foreman 1.11.2-1 (installed from package)
Bug probably related to Foreman Remote execution.
The execution of a job failed (the job stays as "running 0%"), and since then /var/log/foreman-proxy.log is filled with this error:
E, [2016-06-16T19:57:35.447710 #17843] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
/usr/lib/ruby/1.9.1/openssl/ssl-internal.rb:172:in `accept'
E, [2016-06-16T19:57:37.133534 #17843] ERROR -- : could not read client cert from environment
E, [2016-06-16T19:57:46.995776 #17843] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=unknown state
/usr/lib/ruby/1.9.1/openssl/ssl-internal.rb:172:in `accept'
Is it normal that Ruby 1.9.1 is used here and not 2.0?
- Subject changed from OpenSSL Error to OpenSSL Error: SSLv3 read client certificate A
- Category set to SSL
My only guess is that there's no client SSL certificate being used, which should be configured in Foreman under Settings > Auth > ssl_*, assuming it's Foreman making the request. I can't see enough info here to suggest it's a bug in the smart proxy.
Is it normal that Ruby 1.9.1 is used here and not 2.0?
Yes, 1.9.1 is the default Ruby version on Ubuntu 14.04, it's correct.
Jérôme LEBEAU wrote:
I was thinking that Foreman uses Ruby 2.0, with foreman-ruby on 14.04?
Foreman does, while the smart proxy uses the default.
Smart-proxy supports TLSv1.1; at a quick glance Foreman doesn't limit SSL connections to TLSv1.2 only either. Could you enable debug logging and paste everything pertaining to a failing request here please?
- Related to Bug #15459: Job is executed, but stay as "Pending" added
- Status changed from New to Resolved
No reaction, closing. Also, in the meantime the proxy uses Ruby 2.0 on Ubuntu/trusty.
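A triage helper for the log excerpt in the report, added here as an example (not Foreman or smart-proxy code): it groups the SSL_accept failures by the handshake state OpenSSL reports and counts the "could not read client cert" errors, which shows whether failures cluster at the client-certificate step. The method and constant names are hypothetical, and the sample input is the excerpt from the description.

```ruby
# Added example: summarise TLS handshake failures in a foreman-proxy.log.
# Ruby Logger prefix, e.g. "E, [2016-06-16T19:57:35.447710 #17843] ERROR -- : msg"
LOG_LINE = /\A[A-Z], \[(?<ts>\S+)\s+#(?<pid>\d+)\]\s+(?<level>[A-Z]+) -- [^:]*: (?<msg>.*)\z/
# Handshake failure as it appears in the excerpt (returned/errno/state fields).
SSL_ACCEPT = /SSLError: SSL_accept .*?returned=(?<ret>\d+) errno=(?<errno>\d+) state=(?<state>.+)\z/
NO_CLIENT_CERT = 'could not read client cert from environment'

# Sample input: the log lines quoted in the report above.
SAMPLE_LOG = <<~'LOG'
  E, [2016-06-16T19:57:35.447710 #17843] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A
  /usr/lib/ruby/1.9.1/openssl/ssl-internal.rb:172:in `accept'
  E, [2016-06-16T19:57:37.133534 #17843] ERROR -- : could not read client cert from environment
  E, [2016-06-16T19:57:46.995776 #17843] ERROR -- : OpenSSL::SSL::SSLError: SSL_accept SYSCALL returned=5 errno=0 state=unknown state
  /usr/lib/ruby/1.9.1/openssl/ssl-internal.rb:172:in `accept'
LOG

# Returns failure counts per handshake state, the number of requests that
# arrived without a readable client certificate, and the time window and
# process ids in which these errors were logged.
def summarize_tls_failures(text)
  out = { states: Hash.new(0), no_client_cert: 0, first: nil, last: nil, pids: [] }
  text.each_line do |raw|
    m = LOG_LINE.match(raw.chomp)
    next unless m && m[:level] == 'ERROR' # backtrace lines carry no prefix
    if (ssl = SSL_ACCEPT.match(m[:msg]))
      out[:states][ssl[:state]] += 1
    elsif m[:msg].include?(NO_CLIENT_CERT)
      out[:no_client_cert] += 1
    else
      next # unrelated error
    end
    out[:first] ||= m[:ts]
    out[:last] = m[:ts]
    out[:pids] |= [m[:pid].to_i]
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  s = summarize_tls_failures(SAMPLE_LOG)
  puts "window: #{s[:first]} .. #{s[:last]} (pids #{s[:pids].join(',')})"
  s[:states].each { |state, n| puts format('%3d  SSL_accept failed in state: %s', n, state) }
  puts format('%3d  requests without a readable client cert', s[:no_client_cert])
end
```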