Bug 478677
Summary: | Unable to print to network shared printer that requires basic authentication and SSL | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Darren Fulton <dfulton> |
Component: | cups | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 10 | CC: | antonio.montagnani, dfulton, jorton, tmraz, twaugh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-07-03 09:08:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Darren Fulton
2009-01-03 11:30:11 UTC
Hi. Any update on this? Does anyone know if this is a CUPS issue, or a system-config-printer issue, or something else? If it is a CUPS issue, shall I try to file a bug report with the CUPS folks? system-config-printer is certainly not involved. It seems more like a gnutls issue, as that is what cupsd is using. > The Fedora 10 client would not accept https:// in the URI, so I used ipp:// and
> http:// hoping that it would realize that it had to use SSL, but I don't think
> it did.
Tim, I don't think this is a gnutls issue. It looks like he was not able to configure the SSL on the client at all so gnutls did not get involved.
Darren, if you do 'gnutls-cli -p 8443 192.168.22.150', are you able to connect? What do you get as output?
Tomas, the message from the server, "A record packet with illegal version was received.", comes from gnutls. CUPS automatically detects SSL connections, so ipp://... is the correct URI form to use. OK, problem understood now. So normally the SSL port is 443, and libcups has special handling in that case to always start out with an SSL connection. Additionally, on the normal IPP port (631), cupsd has special handling to request that the client upgrade to an encrypted connection over the same port. Neither of these things were happening because (a) the port was 8443 not 443, and (b) the client was connecting to an SSL-only port. The reason system-config-printer was rejecting 'https://...'-type URIs is that cupsd is, and the simple reason for that is a missing https -> ipp symlink. (The ipp backend spots when it is being invoked as https and always encrypts in that case.) Filed upstream. This will be fixed when 1.1.x (currently in rawhide) is backported to Fedora 10. Incidentally, you should be able to use a URI of the form: ipp://...?encryption=always to achieve the same effect. Closing, as there is an easy work-around for Fedora 10 and Fedora 11 already contains the fix. |