Bug 495597
|
Description
Matthew Harmsen
2009-04-13 23:35:20 UTC
with selinux in permissive mode, I still cannot access the agent page. get ssl_error_bad_mac_alert. my url comes up as https://delta.dsdev.sjc.redhat.com:9443/ca/agent/ca I see nothing wrong with the url in permissive mode. ssltap output...
[root@delta ~]# ssltap -hfsxl delta.dsdev.sjc.redhat.com:9443
<HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD>
<BODY><PRE>
Looking up "delta.dsdev.sjc.redhat.com"...
Proxy socket ready and listening
<p><HR><H2>Connection #1 [Thu Apr 16 16:02:31 2009]
</H2>Connected to delta.dsdev.sjc.redhat.com:9443
--> [
<font color=blue> 0: 16 03 01 00 aa 01 00 00 a6 03 01 49 e8 1b 14 24 | ...........I...$
10: bc 77 a7 2c 1f 23 b9 60 77 8c a5 0b 2d 3e f1 5b | .w.,.#.`w...->.[
20: e4 01 27 47 18 a8 ae cf 9f 05 da 00 00 18 00 39 | ..'G...........9
30: 00 38 00 35 00 33 00 32 00 04 00 05 00 2f 00 16 | .8.5.3.2...../..
40: 00 13 fe ff 00 0a 01 00 00 65 00 00 00 1f 00 1d | .........e......
50: 00 00 1a 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ...delta.dsdev.s
60: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 00 0a 00 | jc.redhat.com...
70: 34 00 32 00 01 00 02 00 03 00 04 00 05 00 06 00 | 4.2.............
80: 07 00 08 00 09 00 0a 00 0b 00 0c 00 0d 00 0e 00 | ................
90: 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 | ................
a0: 17 00 18 00 19 00 0b 00 02 01 00 00 23 00 00 | ............#..
(175 bytes of 170)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 16 03 01 00 aa | .....
type = 22 (handshake)
version = { 3,1 }
length = 170 (0xaa)
handshake {
0: 01 00 00 a6 | ....
type = 1 (client_hello)
length = 166 (0x0000a6)
ClientHelloV3 {
client_version = {3, 1}
random = {...}
0: 49 e8 1b 14 24 bc 77 a7 2c 1f 23 b9 60 77 8c a5 | I...$.w.,.#.`w..
10: 0b 2d 3e f1 5b e4 01 27 47 18 a8 ae cf 9f 05 da | .->.[..'G.......
session ID = {
length = 0
contents = {...}
}
cipher_suites[12] = {
(0x0039) TLS/DHE-RSA/AES256-CBC/SHA
(0x0038) TLS/DHE-DSS/AES256-CBC/SHA
(0x0035) TLS/RSA/AES256-CBC/SHA
(0x0033) TLS/DHE-RSA/AES128-CBC/SHA
(0x0032) TLS/DHE-DSS/AES128-CBC/SHA
(0x0004) SSL3/RSA/RC4-128/MD5
(0x0005) SSL3/RSA/RC4-128/SHA
(0x002f) TLS/RSA/AES128-CBC/SHA
(0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
(0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
(0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
(0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
}
compression[1] = { 00 }
extensions[101] = {
extension type server_name, length [31] = {
0: 00 1d 00 00 1a 64 65 6c 74 61 2e 64 73 64 65 76 | .....delta.dsdev
10: 2e 73 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d | .sjc.redhat.com
}
extension type elliptic_curves, length [52] = {
0: 00 32 00 01 00 02 00 03 00 04 00 05 00 06 00 07 | .2..............
10: 00 08 00 09 00 0a 00 0b 00 0c 00 0d 00 0e 00 0f | ................
20: 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 | ................
30: 00 18 00 19 | ....
}
extension type ec_point_formats, length [2] = {
0: 01 00 | ..
}
extension type session_ticket, length [0]
}
}
}
}
</font>]
<-- [
<font color=red> 0: 16 03 01 07 bd 02 00 00 46 03 01 49 e7 b9 07 3d | ........F..I...=
10: 96 23 75 66 37 4f ee ad aa 6f 0d 83 bc d3 aa 98 | .#uf7O...o......
20: f1 41 ea ed 9e 5b 87 29 18 d9 94 20 2f 64 49 eb | .A...[.)... /dI.
30: f7 2b 88 8b 82 46 56 5f 88 45 8b 91 36 28 60 86 | .+...FV_.E..6(`.
40: 27 b6 d2 63 4e 90 ba d6 9c d4 a2 01 00 04 00 0b | '..cN...........
50: 00 07 6b 00 07 68 00 03 a6 30 82 03 a2 30 82 02 | ..k..h...0...0..
60: 8a a0 03 02 01 02 02 01 03 30 0d 06 09 2a 86 48 | .........0...*.H
70: 86 f7 0d 01 01 05 05 00 30 46 31 24 30 22 06 03 | ........0F1$0"..
80: 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 64 | U....DsdevSjcRed
90: 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 61 | hat Domain delta
a0: 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 69 | 1.0...U....Certi
b0: 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 | ficate Authority
c0: 30 1e 17 0d 30 39 30 34 31 36 31 37 32 34 31 31 | 0...090416172411
d0: 5a 17 0d 31 31 30 34 30 36 31 37 32 34 31 31 5a | Z..110406172411Z
e0: 30 4b 31 24 30 22 06 03 55 04 0a 13 1b 44 73 64 | 0K1$0"..U....Dsd
f0: 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d 61 | evSjcRedhat Doma
100: 69 6e 20 64 65 6c 74 61 31 23 30 21 06 03 55 04 | in delta1#0!..U.
110: 03 13 1a 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ...delta.dsdev.s
120: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 30 82 01 | jc.redhat.com0..
130: 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 | "0...*.H........
140: 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 30 | .....0.........0
150: 45 4f 53 eb 0c f1 2f fc 6c 74 e6 4a 53 e7 fe f6 | EOS.../.lt.JS...
160: 77 2e 5b 30 c1 94 97 51 5e c2 e6 5c 80 f3 0e a6 | w.[0...Q^..\....
170: 37 5a da 58 2d 63 ff ff 14 e5 f8 72 0e e2 b3 9f | 7Z.X-c.....r....
180: 07 8a a1 cd 74 b3 be 52 5d 6b 2d 45 93 d8 9a 83 | ....t..R]k-E....
190: 55 2b 86 a8 1f e4 ef dd d6 25 67 1f d5 6d 97 05 | U+.......%g..m..
1a0: da a3 51 c9 02 8b 4f a6 87 e9 78 f9 43 78 db 2e | ..Q...O...x.Cx..
1b0: 4c bc ed 16 d7 97 4c 5e 2e d7 c8 23 7c 14 40 0a | L.....L^...#|.@.
1c0: 91 47 2d 44 cd 84 5a e5 96 49 aa 3e 0a 70 b0 1c | .G-D..Z..I.>.p..
1d0: 78 b5 d9 96 31 db a4 2f 7b f4 f1 e3 06 19 51 44 | x...1../{.....QD
1e0: db 42 f6 0e 28 d5 12 75 3f 59 cd 5e 60 17 26 a7 | .B..(..u?Y.^`.&.
1f0: f8 99 0c d4 c4 55 6e b9 3e 92 52 7a ea 95 fb 82 | .....Un.>.Rz....
200: 09 93 08 c6 68 64 7f 58 67 90 2d e3 ad 9b a2 91 | ....hdXg.-.....
210: cf 14 75 8b 3f 57 96 d0 4d cc 6a e3 6a 62 00 8a | ..u.?W..M.j.jb..
220: 0d 11 41 80 a4 48 1b 0c 78 f5 cd c6 5f fe 6d 7d | ..A..H..x..._.m}
230: 8d 6c ac af fe c3 dd 65 b5 e2 ff 62 80 fd 98 1b | .l.....e...b....
240: 0e 96 31 18 92 6d e4 9a 55 5d d4 40 92 81 02 03 | ..1..m..U].@....
250: 01 00 01 a3 81 95 30 81 92 30 1f 06 03 55 1d 23 | ......0..0...U.#
260: 04 18 30 16 80 14 76 1e c5 f9 4a 32 93 43 41 c8 | ..0...v...J2.CA.
270: 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a 06 08 2b 06 | ,.V...-j,00J..+.
280: 01 05 05 07 01 01 04 3e 30 3c 30 3a 06 08 2b 06 | .......>0<0:..+.
290: 01 05 05 07 30 01 86 2e 68 74 74 70 3a 2f 2f 64 | ....0...http://d
2a0: 65 6c 74 61 2e 64 73 64 65 76 2e 73 6a 63 2e 72 | elta.dsdev.sjc.r
2b0: 65 64 68 61 74 2e 63 6f 6d 3a 39 31 38 30 2f 63 | edhat.com:9180/c
2c0: 61 2f 6f 63 73 70 30 0e 06 03 55 1d 0f 01 01 ff | a/ocsp0...U.....
2d0: 04 04 03 02 04 f0 30 13 06 03 55 1d 25 04 0c 30 | ......0...U.%..0
2e0: 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a | ...+.......0...*
2f0: 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 2c | .H.............,
300: cc 8c 20 77 93 a5 1f 99 27 27 12 41 6c 2a b4 de | .. w....''.Al*..
310: 1f 62 c8 da 28 f2 0a d3 34 6f db 59 0e 33 60 76 | .b..(...4o.Y.3`v
320: fe 86 4a 3d e3 f4 e5 b7 1a 34 f5 2e d8 1d 1f 82 | ..J=.....4......
330: a0 ad 77 c5 1e a6 9d 12 56 33 4a a4 85 c4 52 9e | ..w.....V3J...R.
340: dc 14 5a b8 1f 53 25 6e 34 f0 bd 8f 6d 49 e2 6a | ..Z..S%n4...mI.j
350: c3 c9 32 13 ff 38 c2 61 03 42 8c 1d d2 0c b4 21 | ..2..8.a.B.....!
360: 87 b6 a0 aa 9b 9d c4 db f0 b7 73 bf 85 c6 7b f4 | ..........s...{.
370: 04 90 65 84 7f 73 f7 f4 be f0 03 cb 68 eb 1e d2 | ..e.s......h...
380: 7b 80 0d 81 d0 9c c3 47 67 bc 43 96 80 a6 96 92 | {......Gg.C.....
390: e3 87 b4 5f 5c bb fc 88 8c 65 54 3a d3 7e bf 66 | ..._\....eT:.~.f
3a0: cc 17 bc 0f a8 76 c7 2f 09 bf 73 31 7a 23 b7 7e | .....v./..s1z#.~
3b0: 95 fe 4d 8a bb b2 9f ea 36 53 12 c3 ab 9a f8 74 | ..M.....6S.....t
3c0: ef f0 99 66 a4 1b 7a de e4 eb f6 79 d1 f8 0b 0a | ...f..z....y....
3d0: 40 e1 b0 96 50 c4 86 88 1d 7b 8d 97 5c ee e9 35 | @...P....{..\..5
3e0: ad 70 de d1 51 05 1e ff c0 20 14 c4 49 cf dd b3 | .p..Q.... ..I...
3f0: 7e d8 38 a3 88 93 9e 04 bb 80 c7 57 2a 5d 10 00 | ~.8........W*]..
400: 03 bc 30 82 03 b8 30 82 02 a0 a0 03 02 01 02 02 | ..0...0.........
410: 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 | ..0...*.H.......
420: 00 30 46 31 24 30 22 06 03 55 04 0a 13 1b 44 73 | .0F1$0"..U....Ds
430: 64 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d | devSjcRedhat Dom
440: 61 69 6e 20 64 65 6c 74 61 31 1e 30 1c 06 03 55 | ain delta1.0...U
450: 04 03 13 15 43 65 72 74 69 66 69 63 61 74 65 20 | ....Certificate
460: 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 39 30 | Authority0...090
470: 34 31 36 31 37 32 34 31 30 5a 17 0d 31 31 30 34 | 416172410Z..1104
480: 30 36 31 37 32 34 31 30 5a 30 46 31 24 30 22 06 | 06172410Z0F1$0".
490: 03 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 | .U....DsdevSjcRe
4a0: 64 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 | dhat Domain delt
4b0: 61 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 | a1.0...U....Cert
4c0: 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 | ificate Authorit
4d0: 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 | y0.."0...*.H....
4e0: 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 | .........0......
4f0: 01 00 df 53 9f 4a 8d b8 c8 f0 6b cd 8b 2f f0 ac | ...S.J....k../..
500: a7 22 09 4b a8 1a c3 70 4e e0 ab 65 4d f8 da c3 | .".K...pN..eM...
510: 7d b4 0e bf 07 d5 b4 40 19 82 89 b4 e9 ce 81 5e | }......@.......^
520: 4b b7 da f9 10 9e 28 62 0d 64 98 6b d1 eb c4 c1 | K.....(b.d.k....
530: d2 80 7e 48 81 22 e4 ff f8 04 0b 1d 61 d4 22 86 | ..~H."......a.".
540: 92 2b 1e d1 d7 4f 75 17 ff 7e 57 dc f2 fc de 6a | .+...Ou..~W....j
550: 19 4d 3d c8 9b 27 80 e2 cc 2a 9c 37 5c 77 b2 b9 | .M=..'...*.7\w..
560: 86 cc a9 db fc d4 e0 69 48 3b 7a 55 e7 2f 12 bc | .......iH;zU./..
570: 9d 10 5d d9 92 62 99 6a 77 e4 96 b4 7f e0 aa 2d | ..]..b.jw.....-
580: 94 9c 19 0c 9b 3e 08 b1 ff 7b eb c9 5d 92 e6 b9 | .....>...{..]...
590: 7f b3 21 08 e9 5b e3 ea 68 2a 36 10 b0 56 9c 1e | .!..[..h*6..V..
5a0: 54 61 6b 12 1c b3 ba 49 ee d2 9d b7 e5 e7 2a 32 | Tak....I......*2
5b0: 7a 4a 26 2e 04 1b e6 98 4d cf 8c 38 44 1c fa 56 | zJ&.....M..8D..V
5c0: 87 a2 1b 8d d8 d6 27 84 bc ff ed ac ad 5c 27 5d | ......'......\']
5d0: ff 4f 99 26 df ad 4a 64 cb c8 61 55 17 e0 e5 3d | .O.&..Jd..aU...=
5e0: f7 d8 2b a5 ce c1 73 93 81 23 2b 85 30 f8 19 32 | ..+...s..#+.0..2
5f0: 99 61 02 03 01 00 01 a3 81 b0 30 81 ad 30 1f 06 | .a........0..0..
600: 03 55 1d 23 04 18 30 16 80 14 76 1e c5 f9 4a 32 | .U.#..0...v...J2
610: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 0f | .CA.,.V...-j,00.
620: 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 | ..U.......0....0
630: 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 c6 30 | ...U...........0
640: 1d 06 03 55 1d 0e 04 16 04 14 76 1e c5 f9 4a 32 | ...U......v...J2
650: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a | .CA.,.V...-j,00J
660: 06 08 2b 06 01 05 05 07 01 01 04 3e 30 3c 30 3a | ..+........>0<0:
670: 06 08 2b 06 01 05 05 07 30 01 86 2e 68 74 74 70 | ..+.....0...http
680: 3a 2f 2f 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ://delta.dsdev.s
690: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 3a 39 31 | jc.redhat.com:91
6a0: 38 30 2f 63 61 2f 6f 63 73 70 30 0d 06 09 2a 86 | 80/ca/ocsp0...*.
6b0: 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 37 87 | H.............7.
6c0: bd a0 3a ad b8 8a ff 7c ae 12 6c eb 81 06 38 81 | ..:....|..l...8.
6d0: b7 3a 1d 55 7d fe e8 34 5f ca 85 b7 33 57 d7 bf | .:.U}..4_...3W..
6e0: 7b 15 7a d6 0d 85 1a fc 23 ea 12 f2 a0 b7 19 50 | {.z.....#......P
6f0: 27 a5 f7 c0 6c 49 27 94 17 18 ef 74 c3 37 a2 f9 | '...lI'....t.7..
700: c8 41 f9 60 47 3b 81 2e e4 5c ef 52 06 91 e9 0a | .A.`G;...\.R....
710: 64 b1 47 1f 7d 2f 18 68 ec d8 6a fa 0e 38 4f 91 | d.G.}/.h..j..8O.
720: bc 9b d2 47 f3 46 0c de 71 1a 34 20 68 62 79 57 | ...G.F..q.4 hbyW
730: c9 f2 f5 0c c8 ae 1c bd 48 5c e3 8e ad 8d b0 fd | ........H\......
740: 68 92 69 a0 04 5d f6 48 f9 0e 99 57 f0 bf 7a 32 | h.i..].H...W..z2
750: 9d 9c 6f db 97 f5 ca 32 ce d1 64 f0 60 ba d2 4d | ..o....2..d.`..M
760: 2b 5b 1a b5 54 ec e6 30 fd d4 67 1c c6 49 64 aa | +[..T..0..g..Id.
770: 8d b8 bb f5 32 66 a5 a6 97 f4 fc eb c9 74 7d 72 | ....2f.......t}r
780: 89 ed e0 9a 2a 2f 4c 4d 78 06 3a 2f c4 2f 13 0f | ....*/LMx.:/./..
790: ff 4b 36 c3 e4 dd 53 cf a5 54 9f b7 1f 0a 7b 88 | .K6...S..T....{.
7a0: 3d 37 ee 5a 98 fb 6c 3d e5 96 ac be 1e 24 19 ec | =7.Z..l=.....$..
7b0: 87 ad 6c e5 40 6c b0 76 31 ea ce 1a 96 cc 0e 00 | ..l........
7c0: 00 00 | ..
(1986 bytes of 1981)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 16 03 01 07 bd | .....
type = 22 (handshake)
version = { 3,1 }
length = 1981 (0x7bd)
handshake {
0: 02 00 00 46 | ...F
type = 2 (server_hello)
length = 70 (0x000046)
ServerHello {
server_version = {3, 1}
random = {...}
0: 49 e7 b9 07 3d 96 23 75 66 37 4f ee ad aa 6f 0d | I...=.#uf7O...o.
10: 83 bc d3 aa 98 f1 41 ea ed 9e 5b 87 29 18 d9 94 | ......A...[.)...
session ID = {
length = 32
contents = {...}
0: 2f 64 49 eb f7 2b 88 8b 82 46 56 5f 88 45 8b 91 | /dI..+...FV_.E..
10: 36 28 60 86 27 b6 d2 63 4e 90 ba d6 9c d4 a2 01 | 6(`.'..cN.......
}
cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5
compression method = 00
}
0: 0b 00 07 6b | ...k
type = 11 (certificate)
length = 1899 (0x00076b)
CertificateChain {
chainlength = 1896 (0x0768)
Certificate {
size = 934 (0x03a6)
data = { saved in file 'cert.001' }
}
Certificate {
size = 956 (0x03bc)
data = { saved in file 'cert.002' }
}
}
0: 0e 00 00 00 | ....
type = 14 (server_hello_done)
length = 0 (0x000000)
}
}
</font>]
--> [
<font color=blue> 0: 16 03 01 01 06 10 00 01 02 01 00 17 5a 07 4c d0 | ............Z.L.
10: d4 a3 a9 0a d5 fd 0e 9c 92 96 4b cd 50 45 46 66 | ..........K.PEFf
20: ce f3 a6 34 5b 9b 7a 5f e2 31 e5 6c 21 bf 4d 7c | ...4[.z_.1.l!.M|
30: 30 eb 5b c9 9d 0b be 31 e5 53 22 e0 34 fd b4 29 | 0.[....1.S".4..)
40: 28 d1 73 5a fe 70 19 24 2f dc 1b b9 9d b5 4a c3 | (.sZ.p.$/.....J.
50: 51 1f af 1c ef c2 85 4e 4e 3e 9c bf 2f 0a d1 1d | Q......NN>../...
60: 8c cc 69 19 04 50 26 97 88 95 64 92 b2 af 64 54 | ..i..P&...d...dT
70: c1 e6 97 58 1a c2 1b fd bc 87 d6 c5 e8 cf 89 27 | ...X...........'
80: 88 66 db 31 11 b1 da fb 00 09 bf c4 af a3 93 96 | .f.1............
90: 32 fc 40 67 84 7e bb a1 31 01 32 b4 8f d1 ed 08 | 2.@g.~..1.2.....
a0: 9d 76 d9 ec 97 b6 9d fa 6b dc f1 93 d5 ea b8 c0 | .v......k.......
b0: b6 1f 41 70 0c a2 a2 e9 ab 16 14 37 a4 51 d9 b7 | ..Ap.......7.Q..
c0: 19 15 a3 8b 25 78 ba c0 70 62 0f 04 86 0c af a9 | ....%x..pb......
d0: 00 ee f4 23 14 fc 3f 14 4a c2 60 b2 c0 44 5e 16 | ...#..?.J.`..D^.
e0: 6b c3 bd c3 1c 97 07 05 ce b0 83 a9 36 4e 9a 19 | k...........6N..
f0: 08 ad bc 28 b2 80 46 44 07 3b bb a2 fd 2c 85 7c | ...(..FD.;...,.|
100: 4e 33 21 5a 4b 20 e1 38 56 99 ed 14 03 01 00 01 | N3!ZK .8V.......
110: 01 16 03 01 00 20 04 3f ce 1a 74 be 80 cf 6c 82 | ..... .?..t...l.
120: fb 1b ce 2d 9e db f1 44 cf 09 33 f2 ba a7 dd 26 | ...-...D..3....&
130: 49 64 5d a0 7b 1c | Id].{.
(310 bytes of 262, with 43 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 16 03 01 01 06 | .....
type = 22 (handshake)
version = { 3,1 }
length = 262 (0x106)
handshake {
0: 10 00 01 02 | ....
type = 16 (client_key_exchange)
length = 258 (0x000102)
ClientKeyExchange {
message = {...}
}
}
}
(310 bytes of 1, with 37 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 14 03 01 00 01 | .....
type = 20 (change_cipher_spec)
version = { 3,1 }
length = 1 (0x1)
0: 01 | .
}
(310 bytes of 32)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 16 03 01 00 20 | ....
type = 22 (handshake)
version = { 3,1 }
length = 32 (0x20)
< encrypted >
}
</font>]
<-- [
<font color=red> 0: 15 03 01 00 02 02 14 | .......
(7 bytes of 2)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 15 03 01 00 02 | .....
type = 21 (alert)
version = { 3,1 }
length = 2 (0x2)
fatal: bad_record_mac
0: 02 14 | ..
}
</font>]
Read EOF on Server socket. [Thu Apr 16 16:02:31 2009]
Read EOF on Client socket. [Thu Apr 16 16:02:31 2009]
Connection 1 Complete [Thu Apr 16 16:02:31 2009]
<p><HR><H2>Connection #2 [Thu Apr 16 16:02:31 2009]
</H2>Connected to delta.dsdev.sjc.redhat.com:9443
--> [
<font color=blue> 0: 80 3d 01 03 00 00 24 00 00 00 10 00 00 39 00 00 | .=....$......9..
10: 38 00 00 35 00 00 33 00 00 32 00 00 04 00 00 05 | 8..5..3..2......
20: 00 00 2f 00 00 16 00 00 13 00 fe ff 00 00 0a 53 | ../............S
30: 9c 0a 2e bd 1f 65 22 70 00 6a a0 6f 7f 12 e9 | .....e"p.j.o..
alloclen = 63 bytes
(63 bytes of 63)
[Thu Apr 16 16:02:31 2009] [ssl2] ClientHelloV2 {
version = {0x03, 0x00}
cipher-specs-length = 36 (0x24)
sid-length = 0 (0x00)
challenge-length = 16 (0x10)
cipher-suites = {
(0x000039) TLS/DHE-RSA/AES256-CBC/SHA
(0x000038) TLS/DHE-DSS/AES256-CBC/SHA
(0x000035) TLS/RSA/AES256-CBC/SHA
(0x000033) TLS/DHE-RSA/AES128-CBC/SHA
(0x000032) TLS/DHE-DSS/AES128-CBC/SHA
(0x000004) SSL3/RSA/RC4-128/MD5
(0x000005) SSL3/RSA/RC4-128/SHA
(0x00002f) TLS/RSA/AES128-CBC/SHA
(0x000016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
(0x000013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
(0x00feff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
(0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
}
session-id = { }
challenge = { 0x539c 0x0a2e 0xbd1f 0x6522 0x7000 0x6aa0 0x6f7f 0x12e9 }
}
</font>]
<-- [
<font color=red> 0: 16 03 00 07 bd 02 00 00 46 03 00 49 e7 b9 07 29 | ........F..I...)
10: aa bc 0e 3f fb dd 21 c3 f2 f7 d2 81 e0 76 36 da | ...?..!......v6.
20: 4e e9 60 fe df c7 f5 57 12 41 cd 20 2f 64 8b f7 | N.`....W.A. /d..
30: 8d c8 47 75 3c 43 fb 29 04 32 8c 3f 06 b9 d1 7d | ..Gu<C.).2.?...}
40: 24 92 24 cf e8 42 03 84 2d 90 99 fd 00 04 00 0b | $.$..B..-.......
50: 00 07 6b 00 07 68 00 03 a6 30 82 03 a2 30 82 02 | ..k..h...0...0..
60: 8a a0 03 02 01 02 02 01 03 30 0d 06 09 2a 86 48 | .........0...*.H
70: 86 f7 0d 01 01 05 05 00 30 46 31 24 30 22 06 03 | ........0F1$0"..
80: 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 64 | U....DsdevSjcRed
90: 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 61 | hat Domain delta
a0: 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 69 | 1.0...U....Certi
b0: 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 | ficate Authority
c0: 30 1e 17 0d 30 39 30 34 31 36 31 37 32 34 31 31 | 0...090416172411
d0: 5a 17 0d 31 31 30 34 30 36 31 37 32 34 31 31 5a | Z..110406172411Z
e0: 30 4b 31 24 30 22 06 03 55 04 0a 13 1b 44 73 64 | 0K1$0"..U....Dsd
f0: 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d 61 | evSjcRedhat Doma
100: 69 6e 20 64 65 6c 74 61 31 23 30 21 06 03 55 04 | in delta1#0!..U.
110: 03 13 1a 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ...delta.dsdev.s
120: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 30 82 01 | jc.redhat.com0..
130: 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 | "0...*.H........
140: 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 30 | .....0.........0
150: 45 4f 53 eb 0c f1 2f fc 6c 74 e6 4a 53 e7 fe f6 | EOS.../.lt.JS...
160: 77 2e 5b 30 c1 94 97 51 5e c2 e6 5c 80 f3 0e a6 | w.[0...Q^..\....
170: 37 5a da 58 2d 63 ff ff 14 e5 f8 72 0e e2 b3 9f | 7Z.X-c.....r....
180: 07 8a a1 cd 74 b3 be 52 5d 6b 2d 45 93 d8 9a 83 | ....t..R]k-E....
190: 55 2b 86 a8 1f e4 ef dd d6 25 67 1f d5 6d 97 05 | U+.......%g..m..
1a0: da a3 51 c9 02 8b 4f a6 87 e9 78 f9 43 78 db 2e | ..Q...O...x.Cx..
1b0: 4c bc ed 16 d7 97 4c 5e 2e d7 c8 23 7c 14 40 0a | L.....L^...#|.@.
1c0: 91 47 2d 44 cd 84 5a e5 96 49 aa 3e 0a 70 b0 1c | .G-D..Z..I.>.p..
1d0: 78 b5 d9 96 31 db a4 2f 7b f4 f1 e3 06 19 51 44 | x...1../{.....QD
1e0: db 42 f6 0e 28 d5 12 75 3f 59 cd 5e 60 17 26 a7 | .B..(..u?Y.^`.&.
1f0: f8 99 0c d4 c4 55 6e b9 3e 92 52 7a ea 95 fb 82 | .....Un.>.Rz....
200: 09 93 08 c6 68 64 7f 58 67 90 2d e3 ad 9b a2 91 | ....hdXg.-.....
210: cf 14 75 8b 3f 57 96 d0 4d cc 6a e3 6a 62 00 8a | ..u.?W..M.j.jb..
220: 0d 11 41 80 a4 48 1b 0c 78 f5 cd c6 5f fe 6d 7d | ..A..H..x..._.m}
230: 8d 6c ac af fe c3 dd 65 b5 e2 ff 62 80 fd 98 1b | .l.....e...b....
240: 0e 96 31 18 92 6d e4 9a 55 5d d4 40 92 81 02 03 | ..1..m..U].@....
250: 01 00 01 a3 81 95 30 81 92 30 1f 06 03 55 1d 23 | ......0..0...U.#
260: 04 18 30 16 80 14 76 1e c5 f9 4a 32 93 43 41 c8 | ..0...v...J2.CA.
270: 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a 06 08 2b 06 | ,.V...-j,00J..+.
280: 01 05 05 07 01 01 04 3e 30 3c 30 3a 06 08 2b 06 | .......>0<0:..+.
290: 01 05 05 07 30 01 86 2e 68 74 74 70 3a 2f 2f 64 | ....0...http://d
2a0: 65 6c 74 61 2e 64 73 64 65 76 2e 73 6a 63 2e 72 | elta.dsdev.sjc.r
2b0: 65 64 68 61 74 2e 63 6f 6d 3a 39 31 38 30 2f 63 | edhat.com:9180/c
2c0: 61 2f 6f 63 73 70 30 0e 06 03 55 1d 0f 01 01 ff | a/ocsp0...U.....
2d0: 04 04 03 02 04 f0 30 13 06 03 55 1d 25 04 0c 30 | ......0...U.%..0
2e0: 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a | ...+.......0...*
2f0: 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 2c | .H.............,
300: cc 8c 20 77 93 a5 1f 99 27 27 12 41 6c 2a b4 de | .. w....''.Al*..
310: 1f 62 c8 da 28 f2 0a d3 34 6f db 59 0e 33 60 76 | .b..(...4o.Y.3`v
320: fe 86 4a 3d e3 f4 e5 b7 1a 34 f5 2e d8 1d 1f 82 | ..J=.....4......
330: a0 ad 77 c5 1e a6 9d 12 56 33 4a a4 85 c4 52 9e | ..w.....V3J...R.
340: dc 14 5a b8 1f 53 25 6e 34 f0 bd 8f 6d 49 e2 6a | ..Z..S%n4...mI.j
350: c3 c9 32 13 ff 38 c2 61 03 42 8c 1d d2 0c b4 21 | ..2..8.a.B.....!
360: 87 b6 a0 aa 9b 9d c4 db f0 b7 73 bf 85 c6 7b f4 | ..........s...{.
370: 04 90 65 84 7f 73 f7 f4 be f0 03 cb 68 eb 1e d2 | ..e.s......h...
380: 7b 80 0d 81 d0 9c c3 47 67 bc 43 96 80 a6 96 92 | {......Gg.C.....
390: e3 87 b4 5f 5c bb fc 88 8c 65 54 3a d3 7e bf 66 | ..._\....eT:.~.f
3a0: cc 17 bc 0f a8 76 c7 2f 09 bf 73 31 7a 23 b7 7e | .....v./..s1z#.~
3b0: 95 fe 4d 8a bb b2 9f ea 36 53 12 c3 ab 9a f8 74 | ..M.....6S.....t
3c0: ef f0 99 66 a4 1b 7a de e4 eb f6 79 d1 f8 0b 0a | ...f..z....y....
3d0: 40 e1 b0 96 50 c4 86 88 1d 7b 8d 97 5c ee e9 35 | @...P....{..\..5
3e0: ad 70 de d1 51 05 1e ff c0 20 14 c4 49 cf dd b3 | .p..Q.... ..I...
3f0: 7e d8 38 a3 88 93 9e 04 bb 80 c7 57 2a 5d 10 00 | ~.8........W*]..
400: 03 bc 30 82 03 b8 30 82 02 a0 a0 03 02 01 02 02 | ..0...0.........
410: 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 | ..0...*.H.......
420: 00 30 46 31 24 30 22 06 03 55 04 0a 13 1b 44 73 | .0F1$0"..U....Ds
430: 64 65 76 53 6a 63 52 65 64 68 61 74 20 44 6f 6d | devSjcRedhat Dom
440: 61 69 6e 20 64 65 6c 74 61 31 1e 30 1c 06 03 55 | ain delta1.0...U
450: 04 03 13 15 43 65 72 74 69 66 69 63 61 74 65 20 | ....Certificate
460: 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 30 39 30 | Authority0...090
470: 34 31 36 31 37 32 34 31 30 5a 17 0d 31 31 30 34 | 416172410Z..1104
480: 30 36 31 37 32 34 31 30 5a 30 46 31 24 30 22 06 | 06172410Z0F1$0".
490: 03 55 04 0a 13 1b 44 73 64 65 76 53 6a 63 52 65 | .U....DsdevSjcRe
4a0: 64 68 61 74 20 44 6f 6d 61 69 6e 20 64 65 6c 74 | dhat Domain delt
4b0: 61 31 1e 30 1c 06 03 55 04 03 13 15 43 65 72 74 | a1.0...U....Cert
4c0: 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 | ificate Authorit
4d0: 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 | y0.."0...*.H....
4e0: 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 | .........0......
4f0: 01 00 df 53 9f 4a 8d b8 c8 f0 6b cd 8b 2f f0 ac | ...S.J....k../..
500: a7 22 09 4b a8 1a c3 70 4e e0 ab 65 4d f8 da c3 | .".K...pN..eM...
510: 7d b4 0e bf 07 d5 b4 40 19 82 89 b4 e9 ce 81 5e | }......@.......^
520: 4b b7 da f9 10 9e 28 62 0d 64 98 6b d1 eb c4 c1 | K.....(b.d.k....
530: d2 80 7e 48 81 22 e4 ff f8 04 0b 1d 61 d4 22 86 | ..~H."......a.".
540: 92 2b 1e d1 d7 4f 75 17 ff 7e 57 dc f2 fc de 6a | .+...Ou..~W....j
550: 19 4d 3d c8 9b 27 80 e2 cc 2a 9c 37 5c 77 b2 b9 | .M=..'...*.7\w..
560: 86 cc a9 db fc d4 e0 69 48 3b 7a 55 e7 2f 12 bc | .......iH;zU./..
570: 9d 10 5d d9 92 62 99 6a 77 e4 96 b4 7f e0 aa 2d | ..]..b.jw.....-
580: 94 9c 19 0c 9b 3e 08 b1 ff 7b eb c9 5d 92 e6 b9 | .....>...{..]...
590: 7f b3 21 08 e9 5b e3 ea 68 2a 36 10 b0 56 9c 1e | .!..[..h*6..V..
5a0: 54 61 6b 12 1c b3 ba 49 ee d2 9d b7 e5 e7 2a 32 | Tak....I......*2
5b0: 7a 4a 26 2e 04 1b e6 98 4d cf 8c 38 44 1c fa 56 | zJ&.....M..8D..V
5c0: 87 a2 1b 8d d8 d6 27 84 bc ff ed ac ad 5c 27 5d | ......'......\']
5d0: ff 4f 99 26 df ad 4a 64 cb c8 61 55 17 e0 e5 3d | .O.&..Jd..aU...=
5e0: f7 d8 2b a5 ce c1 73 93 81 23 2b 85 30 f8 19 32 | ..+...s..#+.0..2
5f0: 99 61 02 03 01 00 01 a3 81 b0 30 81 ad 30 1f 06 | .a........0..0..
600: 03 55 1d 23 04 18 30 16 80 14 76 1e c5 f9 4a 32 | .U.#..0...v...J2
610: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 0f | .CA.,.V...-j,00.
620: 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 | ..U.......0....0
630: 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 c6 30 | ...U...........0
640: 1d 06 03 55 1d 0e 04 16 04 14 76 1e c5 f9 4a 32 | ...U......v...J2
650: 93 43 41 c8 2c 14 56 0f a3 8d 2d 6a 2c 30 30 4a | .CA.,.V...-j,00J
660: 06 08 2b 06 01 05 05 07 01 01 04 3e 30 3c 30 3a | ..+........>0<0:
670: 06 08 2b 06 01 05 05 07 30 01 86 2e 68 74 74 70 | ..+.....0...http
680: 3a 2f 2f 64 65 6c 74 61 2e 64 73 64 65 76 2e 73 | ://delta.dsdev.s
690: 6a 63 2e 72 65 64 68 61 74 2e 63 6f 6d 3a 39 31 | jc.redhat.com:91
6a0: 38 30 2f 63 61 2f 6f 63 73 70 30 0d 06 09 2a 86 | 80/ca/ocsp0...*.
6b0: 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 37 87 | H.............7.
6c0: bd a0 3a ad b8 8a ff 7c ae 12 6c eb 81 06 38 81 | ..:....|..l...8.
6d0: b7 3a 1d 55 7d fe e8 34 5f ca 85 b7 33 57 d7 bf | .:.U}..4_...3W..
6e0: 7b 15 7a d6 0d 85 1a fc 23 ea 12 f2 a0 b7 19 50 | {.z.....#......P
6f0: 27 a5 f7 c0 6c 49 27 94 17 18 ef 74 c3 37 a2 f9 | '...lI'....t.7..
700: c8 41 f9 60 47 3b 81 2e e4 5c ef 52 06 91 e9 0a | .A.`G;...\.R....
710: 64 b1 47 1f 7d 2f 18 68 ec d8 6a fa 0e 38 4f 91 | d.G.}/.h..j..8O.
720: bc 9b d2 47 f3 46 0c de 71 1a 34 20 68 62 79 57 | ...G.F..q.4 hbyW
730: c9 f2 f5 0c c8 ae 1c bd 48 5c e3 8e ad 8d b0 fd | ........H\......
740: 68 92 69 a0 04 5d f6 48 f9 0e 99 57 f0 bf 7a 32 | h.i..].H...W..z2
750: 9d 9c 6f db 97 f5 ca 32 ce d1 64 f0 60 ba d2 4d | ..o....2..d.`..M
760: 2b 5b 1a b5 54 ec e6 30 fd d4 67 1c c6 49 64 aa | +[..T..0..g..Id.
770: 8d b8 bb f5 32 66 a5 a6 97 f4 fc eb c9 74 7d 72 | ....2f.......t}r
780: 89 ed e0 9a 2a 2f 4c 4d 78 06 3a 2f c4 2f 13 0f | ....*/LMx.:/./..
790: ff 4b 36 c3 e4 dd 53 cf a5 54 9f b7 1f 0a 7b 88 | .K6...S..T....{.
7a0: 3d 37 ee 5a 98 fb 6c 3d e5 96 ac be 1e 24 19 ec | =7.Z..l=.....$..
7b0: 87 ad 6c e5 40 6c b0 76 31 ea ce 1a 96 cc 0e 00 | ..l........
7c0: 00 00 | ..
(1986 bytes of 1981)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 16 03 00 07 bd | .....
type = 22 (handshake)
version = { 3,0 }
length = 1981 (0x7bd)
handshake {
0: 02 00 00 46 | ...F
type = 2 (server_hello)
length = 70 (0x000046)
ServerHello {
server_version = {3, 0}
random = {...}
0: 49 e7 b9 07 29 aa bc 0e 3f fb dd 21 c3 f2 f7 d2 | I...)...?..!....
10: 81 e0 76 36 da 4e e9 60 fe df c7 f5 57 12 41 cd | ..v6.N.`....W.A.
session ID = {
length = 32
contents = {...}
0: 2f 64 8b f7 8d c8 47 75 3c 43 fb 29 04 32 8c 3f | /d....Gu<C.).2.?
10: 06 b9 d1 7d 24 92 24 cf e8 42 03 84 2d 90 99 fd | ...}$.$..B..-...
}
cipher_suite = (0x0004) SSL3/RSA/RC4-128/MD5
compression method = 00
}
0: 0b 00 07 6b | ...k
type = 11 (certificate)
length = 1899 (0x00076b)
CertificateChain {
chainlength = 1896 (0x0768)
Certificate {
size = 934 (0x03a6)
data = { saved in file 'cert.003' }
}
Certificate {
size = 956 (0x03bc)
data = { saved in file 'cert.004' }
}
}
0: 0e 00 00 00 | ....
type = 14 (server_hello_done)
length = 0 (0x000000)
}
}
</font>]
--> [
<font color=blue> 0: 16 03 00 01 04 10 00 01 00 84 7f 68 e8 2f 63 c1 | ..........h./c.
10: 12 16 39 d2 48 3d 68 c8 39 34 22 df 17 77 2f 58 | ..9.H=h.94"..w/X
20: 59 9b 0a 05 14 d3 4c 03 b7 92 ec c0 87 f8 28 52 | Y.....L.......(R
30: 67 48 80 90 be 2c d6 74 85 96 bf 2e a7 1a 08 5e | gH...,.t.......^
40: 61 2a 1b 7f 63 3b 8a 6b d3 1c 8f 96 fc a0 a3 7a | a*.c;.k.......z
50: 59 81 93 6e 18 19 2f 38 98 19 5c bc 52 69 1d 2b | Y..n../8..\.Ri.+
60: bc d4 56 81 c5 83 fa 0b 40 32 50 f7 a2 1c 98 c9 | ..V.....@2P.....
70: 03 c1 f7 6e 1b 0d 98 2f 5b 7a 84 94 43 c5 8d 08 | ...n.../[z..C...
80: d9 ef 0d 2c ee 92 7c 30 4c 65 02 0c c6 f0 43 23 | ...,..|0Le....C#
90: cf 7f dc bb 98 91 10 19 5d cb c2 67 51 ae d3 0c | .......]..gQ...
a0: f7 61 e2 cc 7d c8 cd 6c 0b b6 0e ab 6f 9f de 78 | .a..}..l....o..x
b0: ef e2 23 12 18 4b 03 42 27 4b 86 03 2b 72 e7 e9 | ..#..K.B'K..+r..
c0: 67 10 54 02 a5 15 c8 18 8c cf e2 d7 e7 1e cc 1c | g.T.............
d0: 4e b7 53 b6 ea 23 6e b9 29 df e9 6b 40 55 6b 5d | N.S..#n.)..k@Uk]
e0: 58 61 1b c7 c7 7c 8e a6 b7 19 8e c9 2b 52 de 90 | Xa...|......+R..
f0: 3a 18 72 17 1b cb b6 7d 92 89 0b 5b 30 29 f8 0c | :.r....}...[0)..
100: 27 42 bc 7a 9d b6 bf c4 5f 14 03 00 00 01 01 16 | 'B.z...._.......
110: 03 00 00 38 e2 ca 0f fd 27 7d 7f f4 77 8b 66 34 | ...8....'}.w.f4
120: b5 61 06 8b 4a d0 ce 0e 68 9d c1 90 76 0f e3 53 | .a..J...h...v..S
130: f8 09 ba d1 d8 48 07 df 2d 84 47 9f 64 e2 74 79 | .....H..-.G.d.ty
140: f2 64 fa 3f 97 71 78 66 f2 b2 d0 6a | .d.?.qxf...j
(332 bytes of 260, with 67 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 16 03 00 01 04 | .....
type = 22 (handshake)
version = { 3,0 }
length = 260 (0x104)
handshake {
0: 10 00 01 00 | ....
type = 16 (client_key_exchange)
length = 256 (0x000100)
ClientKeyExchange {
message = {...}
}
}
}
(332 bytes of 1, with 61 left over)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 14 03 00 00 01 | .....
type = 20 (change_cipher_spec)
version = { 3,0 }
length = 1 (0x1)
0: 01 | .
}
(332 bytes of 56)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 16 03 00 00 38 | ....8
type = 22 (handshake)
version = { 3,0 }
length = 56 (0x38)
< encrypted >
}
</font>]
<-- [
<font color=red> 0: 15 03 00 00 02 02 14 | .......
(7 bytes of 2)
SSLRecord { [Thu Apr 16 16:02:31 2009]
0: 15 03 00 00 02 | .....
type = 21 (alert)
version = { 3,0 }
length = 2 (0x2)
fatal: bad_record_mac
0: 02 14 | ..
}
</font>]
Read EOF on Server socket. [Thu Apr 16 16:02:31 2009]
Read EOF on Client socket. [Thu Apr 16 16:02:31 2009]
Connection 2 Complete [Thu Apr 16 16:02:31 2009]
I tried this and confirmed what you saw, Chandra. The port on the Done page now appears to be okay, but clicking on it will get mac error. And guess what? I took Ade's wild suggestion and use the ee port instead, and it works. Am I allowed to say that this is freakily screwy? In debugging this issue, I encountered the following: * the name of the instance and ALL of the ports must be unique values * the name of the Security Domain MUST be changed away from the default value * the name of the Subsystem Type MUST be changed to be a unique string The error encountered is that on the Import CA's Certificate Chain panel, the Trust Dialog will not pop-up resulting in an inability to complete the configuration. Jack and I were able to get rid of the "bad MAC" error by replacing 'clientAuth="agent"' with 'clientAuth="true"' in the "Agent" Connector section of the /var/lib/<instance>/conf/server.xml file.
However, there are still existing port issues, and also, we are now experiencing the following error instead of the "bad MAC" issue:
gamma.dsdev.sjc.redhat.com has received an incorrect or unexpected message.
Error Code: -12227
Created attachment 340654 [details]
Elimination of "bad MAC" Error
Created attachment 340655 [details]
Elimination of "bad MAC" Error (spec files)
Attachments (id=340654) (id=340655) +jmagne . cd pki/base % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/shared/conf/server.xml M tks/shared/conf/server.xml M ocsp/shared/conf/server.xml M kra/shared/conf/server.xml % svn commit Sending base/ca/shared/conf/server.xml Sending base/kra/shared/conf/server.xml Sending base/ocsp/shared/conf/server.xml Sending base/tks/shared/conf/server.xml Transmitting file data .... Committed revision 409. cd pki/dogtag % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/pki-ca.spec M tks/pki-tks.spec M ocsp/pki-ocsp.spec M kra/pki-kra.spec % svn commit Sending dogtag/ca/pki-ca.spec Sending dogtag/kra/pki-kra.spec Sending dogtag/ocsp/pki-ocsp.spec Sending dogtag/tks/pki-tks.spec Transmitting file data .... Committed revision 410. Created attachment 341613 [details]
Make Installation Wizard use "admin" port; re-enable filters (phase 1)
Created attachment 341614 [details]
Make Installation Wizard use "admin" port; re-enable filters (phase 1 - spec files)
Patch URLs were copied from Bugzilla Bug #492735. Created attachment 342572 [details]
Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc.
Created attachment 342573 [details]
Make Installation Wizard use "admin" port, re-enable filters, cleanup Port Separation, etc. (dogtag + spec files)
Attachments (id=342572) (id=342573) (id=342574) +jmagne All this content already reviewed in the other bug that this bug refers to. cd pki/base % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/shared/webapps/ca/WEB-INF/web.xml M ca/shared/conf/CS.cfg M ca/shared/conf/server.xml M ca/shared/conf/schema.ldif M ca/shared/etc/init.d/httpd M migrate/80/schema-add.ldif M migrate/80/MigrateSecurityDomain.java M common/src/com/netscape/cms/authentication/TokenAuthentication.java M common/src/com/netscape/cms/servlet/csadmin/DonePanel.java M common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java M common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java M common/src/com/netscape/cms/servlet/csadmin/GetCookie.java M common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java M common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java M common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java M common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java M common/src/com/netscape/cms/servlet/csadmin/NamePanel.java M common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java M common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java M common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java M common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java M common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java M silent/src/tks/ConfigureTKS.java M silent/src/drm/ConfigureDRM.java M silent/src/ra/ConfigureRA.java M silent/src/ca/ConfigureCA.java M silent/src/ocsp/ConfigureOCSP.java M silent/src/tps/ConfigureTPS.java M silent/src/subca/ConfigureSubCA.java M setup/pkiremove M setup/pkicreate M tks/shared/webapps/tks/WEB-INF/web.xml M tks/shared/conf/CS.cfg M tks/shared/conf/server.xml M tks/shared/conf/schema.ldif M ra/doc/CS.cfg M ra/forms/index.cgi M ra/forms/ee/user/renewal.cgi M ra/lib/perl/PKI/RA/DonePanel.pm M ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm M ra/lib/perl/PKI/RA/AdminPanel.pm M ra/lib/perl/PKI/RA/DRMInfoPanel.pm M ra/lib/perl/PKI/RA/CAInfoPanel.pm M ra/lib/perl/PKI/RA/NamePanel.pm M ra/lib/perl/PKI/RA/SecurityDomainPanel.pm M ra/lib/perl/PKI/RA/SubsystemTypePanel.pm M ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm M ra/lib/perl/PKI/RA/SizePanel.pm M ra/lib/perl/PKI/RA/TKSInfoPanel.pm M ocsp/shared/webapps/ocsp/WEB-INF/web.xml M ocsp/shared/conf/CS.cfg M ocsp/shared/conf/server.xml M ocsp/shared/conf/schema.ldif M tps/doc/CS.cfg M tps/lib/perl/PKI/TPS/DonePanel.pm M tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm M tps/lib/perl/PKI/TPS/AdminPanel.pm M tps/lib/perl/PKI/TPS/DRMInfoPanel.pm M tps/lib/perl/PKI/TPS/CAInfoPanel.pm M tps/lib/perl/PKI/TPS/NamePanel.pm M tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm M tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm M tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm M tps/lib/perl/PKI/TPS/SizePanel.pm M tps/lib/perl/PKI/TPS/TKSInfoPanel.pm M kra/shared/webapps/kra/WEB-INF/web.xml M kra/shared/conf/CS.cfg M kra/shared/conf/server.xml M kra/shared/conf/schema.ldif % svn commit Sending base/ca/shared/conf/CS.cfg Sending base/ca/shared/conf/schema.ldif Sending base/ca/shared/conf/server.xml Sending base/ca/shared/etc/init.d/httpd Sending base/ca/shared/webapps/ca/WEB-INF/web.xml Sending base/common/src/com/netscape/cms/authentication/TokenAuthentication.java Sending base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java Sending base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java Sending base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java Sending base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java Sending base/kra/shared/conf/CS.cfg Sending base/kra/shared/conf/schema.ldif Sending base/kra/shared/conf/server.xml Sending base/kra/shared/webapps/kra/WEB-INF/web.xml Sending base/migrate/80/MigrateSecurityDomain.java Sending base/migrate/80/schema-add.ldif Sending base/ocsp/shared/conf/CS.cfg Sending base/ocsp/shared/conf/schema.ldif Sending base/ocsp/shared/conf/server.xml Sending base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml Sending base/ra/doc/CS.cfg Sending base/ra/forms/ee/user/renewal.cgi Sending base/ra/forms/index.cgi Sending base/ra/lib/perl/PKI/RA/AdminPanel.pm Sending base/ra/lib/perl/PKI/RA/CAInfoPanel.pm Sending base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm Sending base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm Sending base/ra/lib/perl/PKI/RA/DonePanel.pm Sending base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm Sending base/ra/lib/perl/PKI/RA/NamePanel.pm Sending base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm Sending base/ra/lib/perl/PKI/RA/SizePanel.pm Sending base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm Sending base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm Sending base/setup/pkicreate Sending base/setup/pkiremove Sending base/silent/src/ca/ConfigureCA.java Sending base/silent/src/drm/ConfigureDRM.java Sending base/silent/src/ocsp/ConfigureOCSP.java Sending base/silent/src/ra/ConfigureRA.java Sending base/silent/src/subca/ConfigureSubCA.java Sending base/silent/src/tks/ConfigureTKS.java Sending base/silent/src/tps/ConfigureTPS.java Sending base/tks/shared/conf/CS.cfg Sending base/tks/shared/conf/schema.ldif Sending base/tks/shared/conf/server.xml Sending base/tks/shared/webapps/tks/WEB-INF/web.xml Sending base/tps/doc/CS.cfg Sending base/tps/lib/perl/PKI/TPS/AdminPanel.pm Sending base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm Sending base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm Sending base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm Sending base/tps/lib/perl/PKI/TPS/DonePanel.pm Sending base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm Sending base/tps/lib/perl/PKI/TPS/NamePanel.pm Sending base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm Sending base/tps/lib/perl/PKI/TPS/SizePanel.pm Sending base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm Sending base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm Transmitting file data ..................................................................... Committed revision 431. cd pki/dogtag % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm M tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm M tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm M tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm M tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm M tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm M tps-ui/dogtag-pki-tps-ui.spec M ca/pki-ca.spec M migrate/pki-migrate.spec M common/pki-common.spec A ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template A ca-ui/shared/webapps/ca/admin/ca/sendCookie.template D ca-ui/shared/webapps/ca/ee/ca/sendCookie.template D ca-ui/shared/webapps/ca/ee/ca/securitydomainlogin.template M ca-ui/dogtag-pki-ca-ui.spec M silent/pki-silent.spec M setup/pki-setup.spec M tks/pki-tks.spec M ra/pki-ra.spec M common-ui/dogtag-pki-common-ui.spec M common-ui/shared/admin/console/config/importcachainpanel.vm M common-ui/shared/admin/console/config/createsubsystempanel.vm M common-ui/shared/admin/console/config/securitydomainpanel.vm M common-ui/shared/admin/console/config/importadmincertpanel.vm M ocsp/pki-ocsp.spec M tps/pki-tps.spec M kra/pki-kra.spec M ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm M ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm M ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm M ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm M ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm M ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm M ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm M ra-ui/shared/docroot/index.vm M ra-ui/dogtag-pki-ra-ui.spec % svn commit Sending dogtag/ca/pki-ca.spec Sending dogtag/ca-ui/dogtag-pki-ca-ui.spec Adding dogtag/ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template Adding dogtag/ca-ui/shared/webapps/ca/admin/ca/sendCookie.template Deleting dogtag/ca-ui/shared/webapps/ca/ee/ca/securitydomainlogin.template Deleting dogtag/ca-ui/shared/webapps/ca/ee/ca/sendCookie.template Sending dogtag/common/pki-common.spec Sending dogtag/common-ui/dogtag-pki-common-ui.spec Sending dogtag/common-ui/shared/admin/console/config/createsubsystempanel.vm Sending dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm Sending dogtag/common-ui/shared/admin/console/config/importcachainpanel.vm Sending dogtag/common-ui/shared/admin/console/config/securitydomainpanel.vm Sending dogtag/kra/pki-kra.spec Sending dogtag/migrate/pki-migrate.spec Sending dogtag/ocsp/pki-ocsp.spec Sending dogtag/ra/pki-ra.spec Sending dogtag/ra-ui/dogtag-pki-ra-ui.spec Sending dogtag/ra-ui/shared/docroot/index.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm Sending dogtag/ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm Sending dogtag/setup/pki-setup.spec Sending dogtag/silent/pki-silent.spec Sending dogtag/tks/pki-tks.spec Sending dogtag/tps/pki-tps.spec Sending dogtag/tps-ui/dogtag-pki-tps-ui.spec Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm Sending dogtag/tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm Transmitting file data .................................. Committed revision 432. Verified with build 06/04/2009. - installed/configured all subsystems ca,tks,tps,ra,ocsp,kra on nethsm2k with browser firefox 3 (latest on rhel 5.3 x86_64). - all agent certs are imported onto the browser. - this of course can happen only after the proper ca chain is imported. - and access to agent pages are fine. |