Re: [pcp] Secure sockets - failure with manual client certificate installation issue

[Nathan Scott <nathans@xxxxxxxxxx>]

----- Original Message -----
> Following the instructions from the latest lab.secure.html ...
> 
> When I install the client certificate, I see the setup outlined below
> (it would be good if someone who knows could check this).


Looks ok to me.

> But PCP clients cannot run with PCP_SECURE_SOCKETS=enforce, they are
> killed by pmcd with an IPC error.
> 
> On the client side ...
> 
> $ PCP_SECURE_SOCKETS=enforce pmprobe -D pdu sample.long.one
> [22661]pmGetPDU: ERROR fd=1024 len=20 from=0
> 000:       14     7000        0        0  3000102
> [22661]pmXmitPDU: CREDS fd=1024 len=20
> 000:       14     700c     5885  1000000  1000201
> [22661]pmXmitPDU: PMNS_TRAVERSE fd=1024 len=36
> 000:       24     7010        0        0  f000000 706d6173 6c2e656c
> 2e676e6f
> 008:   656e6f
> sample.long.one -12366 IPC protocol failure
> 
> On the pmcd side ...
> 
> ->17:46:19 New client: [0] addr=192.168.1.100, fd=1026, seq=12
> ->17:46:19 Xmit: ERROR PDU, fd=1026, err=0: No error
> [20477]pmXmitPDU: ERROR fd=1026 len=20
> 000:       14     7000        0        0  3000102
> [20477]pmGetPDU: CREDS fd=1026 len=20 from=23930
> 000:       14     700c     5d7a  1000000  1000201
> ->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...38903000
> ->17:46:19 Recv: CREDS PDU, fd=1026, pdubuf=0x...1
> [Tue Apr 16 17:46:19] pmcd(20477) Error: __pmGetPDU: fd=1026 hdr read:
> bad len=1
> ->17:46:19 End client: fd=1026, err=-12366: IPC protocol failure
> 
> The __pmGetPDU read of 1 byte is totally broken.
> 

Yes, that seems to be the start of the badness.  Not clear why
its getting an invalid creds pdu back from pmcd though... this
one has me totally stumped so far (its different behaviour to
what I'm observing on nss-3.13.6).

cheers.

--
Nathan