| Summary: | Certificate validation fails with message "Connection error: TLS: hostname does not match CN in peer certificate" | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kaushik Banerjee <kbanerje> |
| Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | 6.2 | CC: | benl, dpal, grajaiya, jgalipea, jhrozek, jn, prc, sbose |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | sssd-1.5.1-42.el6 | Doc Type: | Bug Fix |
| Doc Text: | Do not document | Story Points: | --- |
| Clone Of: | | | |
| : | 748849 | Environment: | |
| Last Closed: | 2011-12-06 16:38:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | | | |
| Bug Blocks: | 748849 | | |

Description
Kaushik Banerjee
2011-06-23 13:45:25 UTC
Corresponding upstream ticket https://fedorahosted.org/sssd/ticket/905.

Certificate validation and auth succeed now.

```
# ssh -l kau20 localhost
kau20@localhost's password:
Last login: Thu Sep 22 11:48:40 2011 from localhost
Could not chdir to home directory /home/kau20: No such file or directory
-sh-4.1$ logout
Connection to localhost closed.
```

/var/log/sssd/sssd_LDAP.log shows:

```
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): dbus conn: 1EB7B00
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sbus_dispatch] (9): Dispatching.
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sbus_message_handler] (9): Received SBUS method [getAccountInfo]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [be_get_account_info] (4): Got request for [4097][1][name=kau20]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_step] (9): beginning to connect
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [fo_resolve_service_send] (4): Trying to resolve service 'LDAP'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [get_server_status] (7): Status of server 'lion.lab.eng.pnq.redhat.com' is 'name not resolved'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [get_port_status] (7): Port status of port 636 for server 'lion.lab.eng.pnq.redhat.com' is 'neutral'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [get_server_status] (7): Status of server 'lion.lab.eng.pnq.redhat.com' is 'name not resolved'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_is_address] (9): [lion.lab.eng.pnq.redhat.com] does not look like an IP address
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_step] (8): Querying files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (4): Trying to resolve A record of 'lion.lab.eng.pnq.redhat.com' in files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'lion.lab.eng.pnq.redhat.com' as 'resolving name'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_step] (8): Querying files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_files_send] (4): Trying to resolve AAAA record of 'lion.lab.eng.pnq.redhat.com' in files
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_next] (5): No more address families to retry
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_step] (8): Querying DNS
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [schedule_timeout_watcher] (9): Scheduling DNS timeout watcher
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_dns_query] (4): Trying to resolve A record of 'lion.lab.eng.pnq.redhat.com' in DNS
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [unschedule_timeout_watcher] (9): Unscheduling DNS timeout watcher
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [resolv_gethostbyname_dns_parse] (7): Parsing an A reply
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'lion.lab.eng.pnq.redhat.com' as 'name resolved'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [be_resolve_server_done] (4): Found address for server lion.lab.eng.pnq.redhat.com: [10.65.201.54] TTL 300
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_uri_callback] (6): Constructed uri 'ldaps://lion.lab.eng.pnq.redhat.com'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sss_ldap_init_send] (9): Using file descriptor [26] for LDAP connection.
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_ldap_connect_callback_add] (9): New LDAP connection to [ldaps://lion.lab.eng.pnq.redhat.com:636/??base] with fd [26].
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_rootdse_send] (9): Getting rootdse
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(objectclass=*)][].
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [*]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [altServer]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [namingContexts]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedControl]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedExtension]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedFeatures]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedLDAPVersion]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [supportedSASLMechanisms]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [defaultNamingContext]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [lastUSN]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (7): Requesting attrs: [highestCommittedUSN]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (8): ldap_search_ext called, msgid = 1
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4db90], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4db90], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_parse_entry] (9): OriginalDN: [].
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4db90], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_done] (6): Search result: Success(0), (null)
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_rootdse_done] (9): Got rootdse
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_server_opts_from_rootdse] (5): No known USN scheme is supported by this server!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_server_opts_from_rootdse] (5): Will use modification timestamp as usn!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_send] (4): Executing simple bind as: (null)
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_send] (8): ldap simple bind sent, msgid = 2
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4e500], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: ldap_result found nothing!
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_process_result] (8): Trace: sh[0x1ebc630], connected[1], ops[0x1f4e500], ldap[0x1ebcbe0]
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_done] (5): Server returned no controls.
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [simple_bind_done] (3): Bind result: Success(0), (null)
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [fo_set_port_status] (4): Marking port 636 of server 'lion.lab.eng.pnq.redhat.com' as 'working'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [set_server_common_status] (4): Marking server 'lion.lab.eng.pnq.redhat.com' as 'working'
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_id_op_connect_done] (9): notify connected to op #1
(Thu Sep 22 11:52:04 2011) [sssd[be[LDAP]]] [sdap_get_generic_step] (6): calling ldap_search_ext with [(&(uid=kau20)(objectclass=posixAccount))][dc=example,dc=com].
```

Verified in version:

```
# rpm -qi sssd | head
Name        : sssd                      Relocations: (not relocatable)
Version     : 1.5.1                     Vendor: Red Hat, Inc.
Release     : 52.el6                    Build Date: Tue 20 Sep 2011 09:11:03 PM IST
Install Date: Wed 21 Sep 2011 03:07:04 PM IST      Build Host: x86-010.build.bos.redhat.com
Group       : Applications/System       Source RPM: sssd-1.5.1-52.el6.src.rpm
Size        : 3550647                   License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon
```

Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Do not document

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1529.html