Re: [pcp] Secure sockets - failure with manual client certificate installation issue

[Ken McDonell <kenj@xxxxxxxxxxxxxxxx>]

On 16/04/13 19:51, Nathan Scott wrote:
> > ...
> > The __pmGetPDU read of 1 byte is totally broken.
> Yes, that seems to be the start of the badness.  Not clear why
> its getting an invalid creds pdu back from pmcd though... this
> one has me totally stumped so far (its different behaviour to
> what I'm observing on nss-3.13.6).
I don't think this is anything coming back from pmcd.

The client is doing an additional sendto() of 87 bytes down the socket 
to pmcd that does NOT go through any of our PDU routines on the client 
side, and on pmcd this gets interpreted as a bad PDU (len == 1) and pmcd 
shuts down the socket, which causes the next PDU send from the client to 
return PM_ERR_IPC.
I've verified this with strace for the client with and without
PCP_SECURE_SOCKETS=enforce.

So, it appears as though the client is trying to establish a secure 
connection and sending some sort of credential/certificate from within 
the non-PCP code, but pmcd is not decoding the initial credentials 
correctly and not expecting this data from the client.