Following the instructions from the latest lab.secure.html ...
When I install the client certificate, I see the setup outlined below
(it would be good if someone who knows could check this).
But PCP clients cannot run with PCP_SECURE_SOCKETS=enforce, they are
killed by pmcd with an IPC error.
On the client side ...
$ PCP_SECURE_SOCKETS=enforce pmprobe -D pdu sample.long.one
[22661]pmGetPDU: ERROR fd=1024 len=20 from=0
000: 14 7000 0 0 3000102
[22661]pmXmitPDU: CREDS fd=1024 len=20
000: 14 700c 5885 1000000 1000201
[22661]pmXmitPDU: PMNS_TRAVERSE fd=1024 len=36
000: 24 7010 0 0 f000000 706d6173 6c2e656c
2e676e6f
008: 656e6f
sample.long.one -12366 IPC protocol failure
On the pmcd side ...
->17:46:19 New client: [0] addr=192.168.1.100, fd=1026, seq=12
->17:46:19 Xmit: ERROR PDU, fd=1026, err=0: No error
[20477]pmXmitPDU: ERROR fd=1026 len=20
000: 14 7000 0 0 3000102
[20477]pmGetPDU: CREDS fd=1026 len=20 from=23930
000: 14 700c 5d7a 1000000 1000201
->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...38903000
->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...1
[Tue Apr 16 17:46:19] pmcd(20477) Error: __pmGetPDU: fd=1026 hdr read:
bad len=1
->17:46:19 End client: fd=1026, err=-12366: IPC protocol failure
The __pmGetPDU read of 1 byte is totally broken.
------------- setup ---------------
kenj@bozo:~$ certutil -d sql:$HOME/.pki/nssdb -L
Certificate Nickname Trust
Attributes
->17:46:19
New client: [0] addr=192.168.1.100, fd=1026, seq=12
->17:46:19 Xmit: ERROR PDU, fd=1026, err=0: No error
[20477]pmXmitPDU: ERROR fd=1026 len=20
000: 14 7000 0 0 3000102
[20477]pmGetPDU: CREDS fd=1026 len=20 from=23930
000: 14 700c 5d7a 1000000 1000201
->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...38903000
->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...1
[Tue Apr 16 17:46:19] pmcd(20477) Error: __pmGetPDU: fd=1026 hdr read:
bad len=1
->17:46:19 End client: fd=1026, err=-12366: IPC protocol failure
SSL,S/MIME,JAR/XPI
Local CA certificate CT,,
kenj@bozo:~$ certutil -d sql:$HOME/.pki/nssdb -L -n 'Local CA certificate'
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
00:9b:4c:23:42
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Local PCP Installation,DC=localdomain"
Validity:
Not Before: Mon Apr 15 07:21:39 2013
Not After : Sat Apr 15 07:21:39 2023
Subject: "CN=Local PCP Installation,DC=localdomain"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:->17:46:19 New client: [0] addr=192.168.1.100,
fd=1026, seq=12
->17:46:19 Xmit: ERROR PDU, fd=1026, err=0: No error
[20477]pmXmitPDU: ERROR fd=1026 len=20
000: 14 7000 0 0 3000102
[20477]pmGetPDU: CREDS fd=1026 len=20 from=23930
000: 14 700c 5d7a 1000000 1000201
->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...38903000
->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...1
[Tue Apr 16 17:46:19] pmcd(20477) Error: __pmGetPDU: fd=1026 hdr read:
bad len=1
->17:46:19 End client: fd=1026, err=-12366: IPC protocol failure
d0:7c:f3:3d:1b:dc:f8:0e:9a:17:76:dc:f7:74:69:27:
fa:ec:2d:aa:72:25:66:27:94:11:1e:5a:cc:55:68:9b:
02:ce:5c:61:ef:6f:16:f2:eb:e7:7b:32:5f:80:34:55:
fa:e8:71:69:dc:4d:29:47:35:69:6e:80:6c:d6:31:2d:
fb:37:8a:b4:f7:e0:b3:fd:ae:7c:d4:4f:4c:7c:ca:75:
86:94:f5:b9:30:09:f4:ef:2e:83:81:e2:25:ae:9f:63:
1e:4e:43:fc:23:56:4a:bf:c9:3c:9d:7c:61:d9:d0:26:
99:f8:3e:55:da:5f:22:8c:5e:27:e9:ad:cc:31:70:ed
Exponent: 65537 (0x10001)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
21:7e:8b:4a:e8:90:7e:ab:85:51:26:d2:6f:5d:1e:a1:
08:ac:dc:7b:c3:43:67:c2:1c:a2:cc:4f:91:39:fe:3e:
22:2d:53:79:0f:71:03:e2:fd:d8:9e:e4:1b:08:5d:01:
36:6a:97:ec:c3:24:46:d4:0f:99:72:49:51:21:6d:45:
ae:73:34:dc:2a:a9:5a:2a:df:02:74:49:70:1b:c6:66:
62:fa:bd:a5:0e:dd:63:9e:91:86:d8:61:7d:ff:84:1d:
d2:e5:2b:95:13:ac:ed:72:12:4a:2a:de:74:fd:37:38:
47:8e:72:23:1e:9c:59:df:b4:71:0a:f1:6e:24:a1:60
Fingerprint (MD5):
D1:DC:A5:5E:3E:1F:9F:79:EF:43:81:47:75:63:82:98
Fingerprint (SHA1):
57:1C:0B:F0:2B:3E:63:EE:E4:96:4F:9F:EC:30:C4:FC:7F:CB:52:FF
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
Trusted Client CA
Email Flags:
Object Signing Flags:
|