Epoptes

SSL certificate fetch failure. Unknown protocol:s23_clnt.c

Asked by James Cornelius

Hello,

I am attempting to setup epoptes on 25 fat clients in a computer lab. They are all running Edubuntu 12.04 with all of the updates.

I have given one of the systems a static ip and have it setup as the epoptes server in the /etc/default/epoptes-client file on the clients.

When I run epopets-client -c from one of the clients I recieve the following error:
140155055228576:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
epoptes-client ERROR: Failed to fetch certificate from 192.168.3.105:789

When I use this openssl command from the client I get the error that follows:
openssl s_client -connect 192.168.3.105:789 </dev/null |sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d'

140189750130336:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:

When I run this openssl command on the server I recieve the error that follows:
openssl s_client -connect localhost:789 < /dev/null |sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/!d'

140454219429536:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:

I have also restarted the epoptes daemon on the server with no errors as well.

The server and client can communicate with no issues so it does not appear to be a networking issue.

Any thoughts or guidance would be appreaciated.
Thanks

Question information

Language:
English Edit question
Status:
Expired
For:
Epoptes Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Alkis Georgopoulos (alkisg) said : 		#1

Hi James,

you're the third person reporting this issue, but I've never seen it or been able to reproduce it.
It sounds like a problem either in the python SSL libraries or in openssl.
Would you mind finding me in IRC (epoptes Help → Live chat (IRC)) so that we can share a VNC screen (Help → Remote support) and troubleshoot it more easily?

If not, could you try installing the Quantal version of openssl in one of your clients, to check if it's some openssl problem that has already been fixed?
http://packages.ubuntu.com/quantal/openssl

If you cannot do any of those, try manually copying /etc/epoptes/server.crt to one of your clients (e.g. with scp) and see if everything works fine afterwards.

Revision history for this message
Alkis Georgopoulos (alkisg) said : 		#2

Please also try the following commands on the server, they might provide useful info:

sudo apt-get install gnutls-bin
cat /proc/sys/kernel/random/entropy_avail
gnutls-cli-debug -p 789 -d 3 -V localhost

Revision history for this message
Launchpad Janitor (janitor) said : 		#3

This question was expired because it remained in the 'Needs information' state without activity for the last 15 days.