Index  | Recent Threads  | Unanswered Threads  | Who's Active  | Guidelines  | Search
 
World Community Grid Forums
  Category: Support
  Forum: BOINC Agent Support
  Thread: SSL Certificate issue impairing WU retrieval (solved)

Quick Go »
No member browsing this thread
Thread Status: Active
Total posts in this thread: 13
Posts: 13   Pages: 2   [ 1 2 | Next Page ]
[ Jump to Last Post ]
Post new Thread
Author
Previous Thread This topic has been viewed 2212 times and has 12 replies Next Thread
James Browning
Cruncher
Joined: May 14, 2009
Post Count: 8
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
applause SSL Certificate issue impairing WU retrieval (solved)
I have two boxes I would like to run WCG on. The first is a Hardened Funtoo box, and the other is my x86 Vista running laptop.
Neither machine is retrieving work units due to SSL issues.

Host Project Date Message THUD http://www.worldcommunitygrid.org/ 5/18/2009 11:08:24 AM Sending scheduler request: Requested by user. Requesting 9009 seconds of work, reporting 0 completed tasks
THUD --- 5/18/2009 11:08:27 AM Project communication failed: attempting access to reference site
THUD --- 5/18/2009 11:08:28 AM Internet access OK - project servers may be temporarily down.
THUD http://www.worldcommunitygrid.org/ 5/18/2009 11:08:29 AM Scheduler request failed: Peer certificate cannot be authenticated with known CA certificates


Where can I can get the certificate? where do I need to put it? How can I make sure I got the right one? What permisions should I set on it? Is there a certicate that doesn't expire in a month? What else am I forgetting

Previously I grabbed this file file mentioned here and stuck it in the '/var/lib/boinc' dir on my funtoo box and copied 'C:\Program Files\BOINC(3)\ca-bundle.crt' to 'C:\ProgramData\BOINC\' on the vista machine which did not seem to help
----------------------------------------
[Edit 1 times, last edit by James Browning at May 19, 2009 1:10:43 AM]
[May 18, 2009 6:29:52 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
It's a known issue...

Look here: http://www.worldcommunitygrid.org/forums/wcg/viewthread?thread=25585#229120
[May 18, 2009 6:33:15 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Sekerob
Ace Cruncher
Joined: Jul 24, 2005
Post Count: 20043
Status: Offline
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
Anything in the way of proxies, James Browning?
----------------------------------------
WCG Global & Research > Make Proposal Help: Start Here!
Please help to make the Forums an enjoyable experience for All!
[May 18, 2009 6:41:22 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
totto73, that issue is unrelated.

The problem occurring simultaneously on two operating systems suggests a proxy problem, as Sekerob says.

James, problems have been reported with smoothwall in the past.
[May 18, 2009 6:45:57 PM]   Link   Report threatening or abusive post: please login first  Go to top 
James Browning
Cruncher
Joined: May 14, 2009
Post Count: 8
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
I'm behind 2 nat boxes, plus whatever is upstream. No proxies I'm aware of. I was concerned that maybe some misconfiguration on my part might be breaking. Like my Funtoo not having the crt bundle earlier and stuff like that.
[May 18, 2009 7:33:29 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
http://wcg.wikia.com/wiki/Client_configuration

James, if you use the last example configuration on this page, we may be able to get some useful diagnostic information.
[May 18, 2009 8:22:07 PM]   Link   Report threatening or abusive post: please login first  Go to top 
James Browning
Cruncher
Joined: May 14, 2009
Post Count: 8
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
Yeah, I think it's my box. I tweaked the funtoo box's output with the third cc_config.xml and I found the scheduler URL. I pulled up w/ wget, no problem. What I think the relevent line is '[http_debug] [ID#4] info: gnutls_handshake() failed: A TLS packet with unexpected length was received.' Which'd seem to indicate that boinc client is at fault. Ill tackle my lappy in a minute.

theodore SETI@home 5/18/2009 3:21:59 PM Restarting task ap_14mr09ag_B5_P0_00105_20090514_09027.wu_1 using astropulse_v5 version 503
theodore http://www.worldcommunitygrid.org/ 5/18/2009 3:25:50 PM Sending scheduler request: Requested by user. Requesting 0 seconds of work, reporting 0 completed tasks
theodore --- 5/18/2009 3:25:50 PM [http_debug] HTTP_OP::init_post(): https://grid.worldcommunitygrid.org/boinc/wcg_cgi/fcgi
theodore --- 5/18/2009 3:25:50 PM [proxy_debug] HTTP_OP::no_proxy_for_url(): https://grid.worldcommunitygrid.org/boinc/wcg_cgi/fcgi
theodore --- 5/18/2009 3:25:50 PM [proxy_debug] returning false
theodore --- 5/18/2009 3:25:52 PM [http_debug] [ID#4] info: About to connect() to grid.worldcommunitygrid.org port 443 (#1)
theodore --- 5/18/2009 3:25:52 PM [http_debug] [ID#4] info: Trying 198.20.8.241...
theodore --- 5/18/2009 3:25:53 PM [http_debug] [ID#4] info: Connected to grid.worldcommunitygrid.org (198.20.8.241) port 443 (#1)
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#4] info: found 59 certificates in ca-bundle.crt
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#4] info: gnutls_handshake() failed: A TLS packet with unexpected length was received.
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#4] info: Expire cleared
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#4] info: Closing connection #1
theodore --- 5/18/2009 3:25:54 PM [http_debug] HTTP error: SSL connect error
theodore --- 5/18/2009 3:25:54 PM Project communication failed: attempting access to reference site
theodore --- 5/18/2009 3:25:54 PM [http_debug] HTTP_OP::init_get(): http://www.ibm.com/
theodore --- 5/18/2009 3:25:54 PM [proxy_debug] HTTP_OP::no_proxy_for_url(): http://www.ibm.com/
theodore --- 5/18/2009 3:25:54 PM [proxy_debug] returning false
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#5] info: Connection #0 seems to be dead!
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#5] info: Expire cleared
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#5] info: Closing connection #0
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#5] info: About to connect() to www.ibm.com port 80 (#0)
theodore --- 5/18/2009 3:25:54 PM [http_debug] [ID#5] info: Trying 129.42.56.216...
theodore http://www.worldcommunitygrid.org/ 5/18/2009 3:25:55 PM Scheduler request failed: SSL connect error
theodore --- 5/18/2009 3:25:58 PM [http_debug] [ID#5] info: Connected to www.ibm.com (129.42.56.216) port 80 (#0)
theodore --- 5/18/2009 3:25:58 PM [http_debug] [ID#5] Sent header to server: GET / HTTP/1.1User-Agent: BOINC client (i686-pc-linux-gnu 6.4.5)Host: www.ibm.comAccept: */*Accept-Encoding: deflate, gzipContent-Type: application/x-www-form-urlencoded
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: HTTP/1.1 302 Found
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Date: Mon, 18 May 2009 22:25:58 GMT
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Server: IBM_HTTP_Server
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Content-Type: text/html
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Location: http://www.ibm.com/us/en/
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Content-Length: 209
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server:
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] info: Ignoring the response-body
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] info: Expire cleared
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] info: Connection #0 to host www.ibm.com left intact
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] info: Issue another request to this URL: 'http://www.ibm.com/us/en/'
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] info: Re-using existing connection! (#0) with host www.ibm.com
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] info: Connected to www.ibm.com (129.42.56.216) port 80 (#0)
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Sent header to server: GET /us/en/ HTTP/1.1User-Agent: BOINC client (i686-pc-linux-gnu 6.4.5)Host: www.ibm.comAccept: */*Accept-Encoding: deflate, gzipReferer: http://www.ibm.com/Content-Type: application/x-www-form-urlencoded
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: HTTP/1.1 200 OK
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Date: Mon, 18 May 2009 22:25:59 GMT
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Server: IBM_HTTP_Server
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Cache-Control: no-cache
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Vary: *
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Content-Type: text/html;charset=UTF-8
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Content-Language: en-US
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Vary: User-Agent, Accept-Encoding
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Content-Encoding: gzip
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server: Content-Length: 7853
theodore --- 5/18/2009 3:25:59 PM [http_debug] [ID#5] Received header from server:
theodore --- 5/18/2009 3:25:59 PM [http_xfer_debug] HTTP: wrote 2999 bytes
theodore --- 5/18/2009 3:25:59 PM [http_xfer_debug] HTTP: wrote 4117 bytes
theodore --- 5/18/2009 3:26:00 PM [http_xfer_debug] HTTP: wrote 6939 bytes
theodore --- 5/18/2009 3:26:00 PM [http_xfer_debug] HTTP: wrote 25882 bytes
theodore --- 5/18/2009 3:26:00 PM [http_debug] [ID#5] info: Expire cleared
theodore --- 5/18/2009 3:26:00 PM [http_debug] [ID#5] info: Connection #0 to host www.ibm.com left intact
theodore --- 5/18/2009 3:26:01 PM Internet access OK - project servers may be temporarily down.
[May 18, 2009 10:52:44 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
James, please will you post the BOINC startup messages? I want to check your library environment.
[May 18, 2009 11:10:50 PM]   Link   Report threatening or abusive post: please login first  Go to top 
James Browning
Cruncher
Joined: May 14, 2009
Post Count: 8
Status: Offline
Project Badges:
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
Here is the dump for my Vista lpatop. I'm gonna guess the relevent lines are
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: SSL certificate problem, verify that the CA cert is OK. Details:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: Expire cleared
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: Connection #0 to host grid.worldcommunitygrid.org left intact
THUD --- 5/18/2009 4:06:36 PM [http_debug] HTTP error: Peer certificate cannot be authenticated with known CA certificates
THUD --- 5/18/2009 4:06:37 PM Project communication failed: attempting access to reference site
THUD --- 5/18/2009 4:06:37 PM [http_debug] HTTP_OP::init_get(): http://www.google.com
THUD --- 5/18/2009 4:06:37 PM [http_debug] HTTP_OP::libcurl_exec(): ca-bundle 'C:\Program Files\BOINC\ca-bundle.crt'
THUD http://www.worldcommunitygrid.org/ 5/18/2009 4:06:37 PM Scheduler request failed: Peer certificate cannot be authenticated with known CA certificates

And the whole log fragment is.
THUD http://www.worldcommunitygrid.org/ 5/18/2009 4:06:32 PM Sending scheduler request: Requested by user. Requesting 0 seconds of work, reporting 0 completed tasks
THUD --- 5/18/2009 4:06:32 PM [http_debug] HTTP_OP::init_post(): https://grid.worldcommunitygrid.org/boinc/wcg_cgi/fcgi
THUD --- 5/18/2009 4:06:32 PM [http_debug] HTTP_OP::libcurl_exec(): ca-bundle 'C:\Program Files\BOINC\ca-bundle.crt'
THUD --- 5/18/2009 4:06:34 PM [http_debug] [ID#0] info: About to connect() to grid.worldcommunitygrid.org port 443 (#0)
THUD --- 5/18/2009 4:06:34 PM [http_debug] [ID#0] info: Trying 198.20.8.241...
THUD --- 5/18/2009 4:06:34 PM [http_debug] [ID#0] info: Connected to grid.worldcommunitygrid.org (198.20.8.241) port 443 (#0)
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: SSLv2, Client hello (1):
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: SSLv3, TLS handshake, Server hello (2):
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: SSLv3, TLS handshake, CERT (11):
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: SSLv3, TLS alert, Server hello (2):
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: SSL certificate problem, verify that the CA cert is OK. Details:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: Expire cleared
THUD --- 5/18/2009 4:06:36 PM [http_debug] [ID#0] info: Connection #0 to host grid.worldcommunitygrid.org left intact
THUD --- 5/18/2009 4:06:36 PM [http_debug] HTTP error: Peer certificate cannot be authenticated with known CA certificates
THUD --- 5/18/2009 4:06:37 PM Project communication failed: attempting access to reference site
THUD --- 5/18/2009 4:06:37 PM [http_debug] HTTP_OP::init_get(): http://www.google.com
THUD --- 5/18/2009 4:06:37 PM [http_debug] HTTP_OP::libcurl_exec(): ca-bundle 'C:\Program Files\BOINC\ca-bundle.crt'
THUD http://www.worldcommunitygrid.org/ 5/18/2009 4:06:37 PM Scheduler request failed: Peer certificate cannot be authenticated with known CA certificates
THUD --- 5/18/2009 4:06:37 PM [http_debug] [ID#1] info: About to connect() to www.google.com port 80 (#1)
THUD --- 5/18/2009 4:06:37 PM [http_debug] [ID#1] info: Trying 74.125.19.147...
THUD --- 5/18/2009 4:06:37 PM [http_debug] [ID#1] info: Connected to www.google.com (74.125.19.147) port 80 (#1)
THUD --- 5/18/2009 4:06:37 PM [http_debug] [ID#1] Sent header to server: GET / HTTP/1.1User-Agent: BOINC client (windows_intelx86 6.2.19)Host: www.google.comAccept: */*Accept-Encoding: deflate, gzipContent-Type: application/x-www-form-urlencoded
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: HTTP/1.1 200 OK
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: Cache-Control: private, max-age=0
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: Date: Mon, 18 May 2009 23:06:38 GMT
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: Expires: -1
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: Content-Type: text/html; charset=ISO-8859-1
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: Set-Cookie: PREF=ID=ec11354beafe7c37:TM=1242687998:LM=1242687998:S=Tn0ahrwHxzQlAz4c; expires=Wed, 18-May-2011 23:06:38 GMT; path=/; domain=.google.com
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: Server: gws
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server: Transfer-Encoding: chunked
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] Received header from server:
THUD --- 5/18/2009 4:06:38 PM [http_xfer_debug] HTTP: wrote 4079 bytes
THUD --- 5/18/2009 4:06:38 PM [http_xfer_debug] HTTP: wrote 702 bytes
THUD --- 5/18/2009 4:06:38 PM [http_debug] [ID#1] info: Connection #1 to host www.google.com left intact
THUD --- 5/18/2009 4:06:38 PM Internet access OK - project servers may be temporarily down.
[May 18, 2009 11:14:29 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Former Member
Cruncher
Joined: May 22, 2018
Post Count: 0
Status: Offline
Reply to this Post  Reply with Quote 
Re: SSL Certificate issue impairing WU retrieval
James, I can't help noticing you are using non-standard BOINC versions.

For Windows, we recommend BOINC 6.2.28

For Linux, we recommend you chose between BOINC 6.2.15 from World Community Grid, or the version of BOINC 6.2 provided by your distro (I have no idea what this implies for Funtoo).
[May 18, 2009 11:29:38 PM]   Link   Report threatening or abusive post: please login first  Go to top 
Posts: 13   Pages: 2   [ 1 2 | Next Page ]
[ Jump to Last Post ]
Post new Thread