Hi Wes,
The server side logs are as follows:
cert:util:config: parsing 10
A7:C7:EB:F8:30:6B:4F:9E:78:28:C4:1E:CF:F1:DC:6B:EA:91:C6:AE --cn
cert:find:params: looking for remote_peer(2) in MULTIPLE(0x200), hint
3214037692
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
3214037692
cert:find:params: hint =
A7:C7:EB:F8:30:6B:4F:9E:78:28:C4:1E:CF:F1:DC:6B:EA:91:C6:AE
cert:find:found: using cert manager_self_1.crt /
a7c7ebf8306b4f9e7828c41ecff1dc6bea91c6ae for remote_peer(2)
(uses=remote_peer (2))
cert:find:found: using cert manager_self_1.crt /
a7c7ebf8306b4f9e7828c41ecff1dc6bea91c6ae for remote_peer(2)
(uses=remote_peer (2))
cert:map:add: pri 10, fp a7c7ebf8306b4f9e7828c41ecff1dc6bea91c6ae
dtlsudp: netsnmp_dtlsudp_transport(): transports/snmpDTLSUDPDomain.c, 1421:
A SNMP version other than 3 was requested with (D)TLS; using 3 anyways
tlstcp: listening on tlstcp port 0.0.0.0:10161
cert:find:params: looking for identity(1) in DEFAULT(0x0), hint 0
cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 165187808
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint
165187808
cert:find:params: hint =
64:B0:D3:30:3F:8F:F5:96:67:57:7F:5A:71:31:C9:98:6F:D9:14:56
cert:find:found: using cert snmpd_self.crt /
64b0d3303f8ff59667577f5a7131c9986fd91456 for identity(1)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd_self.crt /
64b0d3303f8ff59667577f5a7131c9986fd91456 for identity(1)
(uses=identity+remote_peer (3))
NET-SNMP version 5.7.3.rc3
dtlsudp: received 148 raw bytes on way to dtls
dtlsudp: starting a new connection
cert:find:params: looking for identity(1) in DEFAULT(0x0), hint 0
cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 165187808
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint
165187808
cert:find:params: hint =
64:B0:D3:30:3F:8F:F5:96:67:57:7F:5A:71:31:C9:98:6F:D9:14:56
cert:find:found: using cert snmpd_self.crt /
64b0d3303f8ff59667577f5a7131c9986fd91456 for identity(1)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd_self.crt /
64b0d3303f8ff59667577f5a7131c9986fd91456 for identity(1)
(uses=identity+remote_peer (3))
dtlsudp:cookie: generating cookie...
dtlsudp: have 48 bytes to send
dtlsudp: received 168 raw bytes on way to dtls
dtlsudp:cookie: verify cookie: 1
dtlsudp: have 1375 bytes to send
dtlsudp: received 148 raw bytes on way to dtls
dtlsudp: starting a new connection
cert:find:params: looking for identity(1) in DEFAULT(0x0), hint 0
cert:find:params: looking for identity(1) in MULTIPLE(0x200), hint 165187808
cert:find:params: looking for identity(1) in FINGERPRINT(0x2), hint
165187808
cert:find:params: hint =
64:B0:D3:30:3F:8F:F5:96:67:57:7F:5A:71:31:C9:98:6F:D9:14:56
cert:find:found: using cert snmpd_self.crt /
64b0d3303f8ff59667577f5a7131c9986fd91456 for identity(1)
(uses=identity+remote_peer (3))
cert:find:found: using cert snmpd_self.crt /
64b0d3303f8ff59667577f5a7131c9986fd91456 for identity(1)
(uses=identity+remote_peer (3))
dtlsudp have 48 bytes to send
dtlsudp: received 168 raw bytes on way to dtls
dtlsudp:cookie: verify cookie: 1
dtlsudp: have 1375 bytes to send
dtlsudp: received 1948 raw bytes on way to dtls
tls_x509:verify: Cert:
/C=US/ST=CA/L=Davis/O=Net-SNMP/OU=Development/CN=self1/emailAddress=
ad...@net-snmp.org
tls_x5:cookie: generating cookie...
dtlsudp:09:verify: fp: a7c7ebf8306b4f9e7828c41ecff1dc6bea91c6ae
cert:find:params: looking for remote_peer(2) in FINGERPRINT(0x2), hint
165219632
cert:find:params: hint = a7c7ebf8306b4f9e7828c41ecff1dc6bea91c6ae
cert:find:found: using cert manager_self_1.crt /
a7c7ebf8306b4f9e7828c41ecff1dc6bea91c6ae for remote_peer(2)
(uses=remote_peer (2))
tls_x509:verify: Found locally: /usr/share/manager_self_1.crt
tls_x509:verify: verify_callback called with: ok=0 ctx=0xbf9268d8 depth=0
err=18:self signed certificate
tls_x509:verify: accepting matching fp of self-signed certificate found
in: manager_self_1.crt
tls_x509:verify: Cert:
/C=US/ST=CA/L=Davis/O=Net-SNMP/OU=Development/CN=self1/emailAddress=
ad...@net-snmp.org
tls_x509:verify: fp: a7c7ebf8306b4f9e7828c41ecff1dc6bea91c6ae
tls_x509:verify: verify_callback called with: ok=1 ctx=0xbf9268d8 depth=0
err=18:self signed certificate
tls_x509:verify: returning the passed in value of 1
dtlsudp: have 1498 bytes to send
Thanks,
Dharm
On Tue, Dec 23, 2014 at 12:04 PM, Wes Hardaker <
harda...@users.sourceforge.net> wrote:
> Dharm S <dharm.sk2...@gmail.com> writes:
>
> > failed rfc5343 contextEngineID probing
>
> So, judging from the packet information it appears that the snmp library
> looks like it gets the dtls connection open (or at least it believes it
> is; whether the *other* side agrees is subject to debate still). Then
> it's trying to send a contextEngineId probe through which is 69 bytes
> long. and it tries that multiple times (and you can see the buffer
> filling up because all the packet buffers add up in multiples of
> 69). And then it finally fails with a contextEngineId sync failure.
>
> Do you have the logs from the server side too?
> --
> Wes Hardaker
> Parsons
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
