Bug 1377414 - F24 sigul client cannot talk to EL7 sigul bridge
Status: CLOSED DUPLICATE of bug 1367216
Alias: None
Product: Fedora
Classification: Fedora
Component: sigul
Version: 24
Hardware: Unspecified
OS: Unspecified
Assignee: Patrick Uiterwijk
QA Contact: Fedora Extras Quality Assurance
Reported: 2016-09-19 15:44 UTC by John Florian
Modified: 2016-09-19 16:13 UTC (History)
Last Closed: 2016-09-19 16:11:15 UTC
Type: Bug

Description John Florian 2016-09-19 15:44:11 UTC
Description of problem:
I have two CentOS 7 hosts: one acting as the sigul bridge, the other as the sigul server.  My workstation (the sigul client) is running Fedora 24.  It seems that any attempt to use the sigul client results in an error like this:

$ sigul list-users
Administrator's password:
2016-09-19 11:12:16,660 WARNING: (child) Exception in child
Traceback (most recent call last):
  File "/usr/share/sigul/double_tls.py", line 777, in __child
    _ForwardingBuffer.forward_two_way(buf_1, buf_2)
  File "/usr/share/sigul/double_tls.py", line 177, in forward_two_way
    buf_1._receive(poll_descs)
  File "/usr/share/sigul/double_tls.py", line 335, in _receive
    r1 = self.__receive_inner(poll_descs)
  File "/usr/share/sigul/double_tls.py", line 277, in __receive_inner
    data = self.__inner_src.recv(self._BUFFER_LEN - len(self.__buffer))
ValueError: I/O operation on closed socket


Version-Release number of selected component (if applicable):
bridge & server: sigul-0.101-1.el7.noarch
client:         sigul-0.102-3.fc24.noarch

How reproducible:
always


Actual results:

In addition to the error shown above for the client, the bridge logs:

2016-09-19 11:32:28,316 INFO: Client with CN 'd13677' connected
2016-09-19 11:32:28,319 INFO: Unexpected EOF: EOFError('Unexpected EOF on _DoubleTLS',)
2016-09-19 11:32:28,319 DEBUG: Request handling finished
2016-09-19 11:32:28,319 DEBUG: Waiting for the server to connect
2016-09-19 11:32:28,366 DEBUG: Waiting for the client to connect

and the server logs:

2016-09-19 11:32:28,319 DEBUG: (child) NSPR error: Connection reset
2016-09-19 11:32:28,321 DEBUG: Child exited with status 256
2016-09-19 11:32:28,322 INFO: Unexpected EOF
2016-09-19 11:32:28,322 DEBUG: Request handling finished
2016-09-19 11:32:28,363 DEBUG: Waiting for a request


Expected results:
Normal functionality, or a more helpful error message if there's some incompatibility boundary being crossed here.

Additional info:

This occurred while I was attempting to rebuild an old Fedora 21 setup.  At first I thought the problem was with the new CentOS 7-based server and bridge until I went back for a sanity check and attempted my example "sigul list-users" against the old F21 setup.  Interestingly, I get the same errors on the client and older bridge.   The older server merely logs:

2016-09-19 11:38:45,007 INFO: Unexpected EOF


Since my $HOME (and consequently ~/.sigul/) is on NFS and usable from both my workstation and the bridge, I am able to log into the bridge and run sigul commands there successfully as a workaround.  This also confirms that there are likely no problems in the configuration of my new bridge and server.

Comment 1 Patrick Uiterwijk 2016-09-19 16:01:49 UTC
Right, this is a bug caused by python-nss on the client.
You need to either update python-nss to 1.0.0 (not the beta), but I don't think that's in Fedora 24 yet.

For now, I would suggest downgrading python-nss to 0.16 (https://kojipkgs.fedoraproject.org//packages/python-nss/0.16.0/1.fc23/x86_64/python-nss-0.16.0-1.fc23.x86_64.rpm). Even though this build is for F23, it will work with F24.

This has been filed as #1322958, and the python-nss bug is filed as #1367216.

Comment 2 John Florian 2016-09-19 16:08:34 UTC
Patrick, thanks for the super-quick response.  I can confirm that "sudo dnf downgrade https://kojipkgs.fedoraproject.org//packages/python-nss/0.16.0/1.fc23/x86_64/python-nss-0.16.0-1.fc23.x86_64.rpm" indeed provides a workable solution.

Comment 3 Patrick Uiterwijk 2016-09-19 16:11:15 UTC
Great!
I'll try to bug the python-nss maintainer once more to get this fixed version out to Fedora 23/24/25 as well.

*** This bug has been marked as a duplicate of bug 1367216 ***

Comment 4 John Florian 2016-09-19 16:13:15 UTC
Oh and sorry for the dupe of #1322958.  My search completely missed that because it's been marked as closed.
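
Added example, not part of the original thread and not sigul code: a triage check that looks for the three log markers quoted in this report (client closed-socket error, bridge EOF right after connect, server NSPR connection reset). The function names and the 50 ms cut-off are assumptions; the sample lines are copied from the report.

```python
import re
from datetime import datetime, timedelta

# Sample input: log lines copied from the report above.
CLIENT = """2016-09-19 11:12:16,660 WARNING: (child) Exception in child
ValueError: I/O operation on closed socket"""
BRIDGE = """2016-09-19 11:32:28,316 INFO: Client with CN 'd13677' connected
2016-09-19 11:32:28,319 INFO: Unexpected EOF: EOFError('Unexpected EOF on _DoubleTLS',)
2016-09-19 11:32:28,319 DEBUG: Request handling finished"""
SERVER = """2016-09-19 11:32:28,319 DEBUG: (child) NSPR error: Connection reset
2016-09-19 11:32:28,322 INFO: Unexpected EOF"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+): (.*)$")

def parse(text):
    """Yield (timestamp, level, message) for each timestamped log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            yield ts, m.group(2), m.group(3)

def bridge_eof_delays(bridge_text):
    """Milliseconds from each client connect to the _DoubleTLS EOF after it."""
    delays, connected_at = [], None
    for ts, _level, msg in parse(bridge_text):
        if msg.startswith("Client with CN"):
            connected_at = ts
        elif "Unexpected EOF on _DoubleTLS" in msg and connected_at is not None:
            delays.append((ts - connected_at) // timedelta(milliseconds=1))
            connected_at = None
    return delays

def classify(client_text, bridge_text, server_text, max_ms=50):
    """Return which of the report's three markers appear in the given logs.

    max_ms is an assumed cut-off for "EOF right after connect", not a sigul value.
    """
    seen = set()
    if "I/O operation on closed socket" in client_text:
        seen.add("client-closed-socket")
    if any(d <= max_ms for d in bridge_eof_delays(bridge_text)):
        seen.add("bridge-early-eof")
    if any("NSPR error: Connection reset" in m for _, _, m in parse(server_text)):
        seen.add("server-conn-reset")
    return seen

if __name__ == "__main__":
    print(bridge_eof_delays(BRIDGE), sorted(classify(CLIENT, BRIDGE, SERVER)))
```

A full match only says the logs resemble this report; the client's python-nss version, as Comment 1 describes, is what to check next.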

