Re: [Puppet-dev] SSL 'read server certificate B: certificate verify failed' on AIX 5.3 - bug?

Mon, 11 Feb 2013 20:35:01 -0800 


On Tuesday, February 12, 2013 6:44:09 AM UTC+11, Eric Sorenson wrote:
>
>
> Hi Alex, I've also seen this from other users -- would it be possible to 
> get a tcpdump that shows the negotiation? Doesn't have to be decrypted, the 
> thing I'm mostly curious about is available in the plaintext payload. I 
> want to see how far into the ssl negotiation this actually gets, and 
> whether there's a specific TLS Alert being returned. Feel free to email me 
> directly if you don't want to post it.
>
> Eric Sorenson - [email protected] <javascript:>
> #puppet irc: eric0 
>
 
For the sake of the archives (and not sure how useful this will be in the 
archives but...) I'll post in plaintext what I see on my screen and then 
send you a PCAP file privately.

myaix53client[/]# tcpdump host mymaster
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type 1, capture size 65535 bytes
15:31:51.552551 IP myaix53client.mydomain.com.44565 > 
mymaster.mydomain.com.8140: S 2290943239:2290943239(0) win 65535 <mss 
1460,nop,wscale 3,nop,nop,timestamp 1428647350 0>
15:31:51.553289 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44565: S 2034061028:2034061028(0) ack 2290943240 
win 5792 <mss 1460,nop,nop,timestamp 1255468285 1428647350,nop,wscale 9>
15:31:51.553325 IP myaix53client.mydomain.com.44565 > 
mymaster.mydomain.com.8140: . ack 1 win 32761 <nop,nop,timestamp 1428647350 
1255468285>
15:31:51.554202 IP myaix53client.mydomain.com.44565 > 
mymaster.mydomain.com.8140: P 1:106(105) ack 1 win 32761 <nop,nop,timestamp 
1428647350 1255468285>
15:31:51.554578 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44565: . ack 106 win 12 <nop,nop,timestamp 
1255468286 1428647350>
15:31:51.601942 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44565: . 1:1449(1448) ack 106 win 12 
<nop,nop,timestamp 1255468334 1428647350>
15:31:51.601960 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44565: . 1449:2897(1448) ack 106 win 12 
<nop,nop,timestamp 1255468334 1428647350>
15:31:51.601967 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44565: P 2897:3741(844) ack 106 win 12 
<nop,nop,timestamp 1255468334 1428647350>
15:31:51.602043 IP myaix53client.mydomain.com.44565 > 
mymaster.mydomain.com.8140: . ack 3741 win 32660 <nop,nop,timestamp 
1428647350 1255468334>
15:31:51.602728 IP myaix53client.mydomain.com.44565 > 
mymaster.mydomain.com.8140: P 106:113(7) ack 3741 win 32660 
<nop,nop,timestamp 1428647350 1255468334>
15:31:51.603095 IP myaix53client.mydomain.com.44565 > 
mymaster.mydomain.com.8140: F 113:113(0) ack 3741 win 32761 
<nop,nop,timestamp 1428647350 1255468334>
15:31:51.603215 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44565: . ack 113 win 12 <nop,nop,timestamp 
1255468335 1428647350>
15:31:51.603497 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44565: F 3741:3741(0) ack 114 win 12 
<nop,nop,timestamp 1255468336 1428647350>
15:31:51.603510 IP myaix53client.mydomain.com.44565 > 
mymaster.mydomain.com.8140: . ack 3742 win 32761 <nop,nop,timestamp 
1428647350 1255468336>
15:31:51.621912 IP myaix53client.mydomain.com.44566 > 
mymaster.mydomain.com.8140: S 1333307615:1333307615(0) win 65535 <mss 
1460,nop,wscale 3,nop,nop,timestamp 1428647350 0>
15:31:51.622251 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44566: S 2034842199:2034842199(0) ack 1333307616 
win 5792 <mss 1460,nop,nop,timestamp 1255468354 1428647350,nop,wscale 9>
15:31:51.622285 IP myaix53client.mydomain.com.44566 > 
mymaster.mydomain.com.8140: . ack 1 win 32761 <nop,nop,timestamp 1428647350 
1255468354>
15:31:51.622759 IP myaix53client.mydomain.com.44566 > 
mymaster.mydomain.com.8140: P 1:106(105) ack 1 win 32761 <nop,nop,timestamp 
1428647350 1255468354>
15:31:51.623150 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44566: . ack 106 win 12 <nop,nop,timestamp 
1255468355 1428647350>
15:31:51.670146 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44566: . 1:1449(1448) ack 106 win 12 
<nop,nop,timestamp 1255468402 1428647350>
15:31:51.670164 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44566: . 1449:2897(1448) ack 106 win 12 
<nop,nop,timestamp 1255468402 1428647350>
15:31:51.670169 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44566: P 2897:3741(844) ack 106 win 12 
<nop,nop,timestamp 1255468402 1428647350>
15:31:51.670305 IP myaix53client.mydomain.com.44566 > 
mymaster.mydomain.com.8140: . ack 3741 win 32660 <nop,nop,timestamp 
1428647350 1255468402>
15:31:51.670847 IP myaix53client.mydomain.com.44566 > 
mymaster.mydomain.com.8140: P 106:113(7) ack 3741 win 32660 
<nop,nop,timestamp 1428647350 1255468402>
15:31:51.671156 IP myaix53client.mydomain.com.44566 > 
mymaster.mydomain.com.8140: F 113:113(0) ack 3741 win 32761 
<nop,nop,timestamp 1428647350 1255468402>
15:31:51.671368 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44566: . ack 113 win 12 <nop,nop,timestamp 
1255468404 1428647350>
15:31:51.671765 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44566: F 3741:3741(0) ack 114 win 12 
<nop,nop,timestamp 1255468404 1428647350>
15:31:51.671777 IP myaix53client.mydomain.com.44566 > 
mymaster.mydomain.com.8140: . ack 3742 win 32761 <nop,nop,timestamp 
1428647350 1255468404>
15:31:51.677245 IP myaix53client.mydomain.com.44567 > 
mymaster.mydomain.com.8140: S 3647731133:3647731133(0) win 65535 <mss 
1460,nop,wscale 3,nop,nop,timestamp 1428647350 0>
15:31:51.677636 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44567: S 2045073666:2045073666(0) ack 3647731134 
win 5792 <mss 1460,nop,nop,timestamp 1255468410 1428647350,nop,wscale 9>
15:31:51.677652 IP myaix53client.mydomain.com.44567 > 
mymaster.mydomain.com.8140: . ack 1 win 32761 <nop,nop,timestamp 1428647350 
1255468410>
15:31:51.678464 IP myaix53client.mydomain.com.44567 > 
mymaster.mydomain.com.8140: P 1:106(105) ack 1 win 32761 <nop,nop,timestamp 
1428647350 1255468410>
15:31:51.678861 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44567: . ack 106 win 12 <nop,nop,timestamp 
1255468411 1428647350>
15:31:51.725119 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44567: . 1:1449(1448) ack 106 win 12 
<nop,nop,timestamp 1255468457 1428647350>
15:31:51.725133 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44567: . 1449:2897(1448) ack 106 win 12 
<nop,nop,timestamp 1255468457 1428647350>
15:31:51.725140 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44567: P 2897:3741(844) ack 106 win 12 
<nop,nop,timestamp 1255468457 1428647350>
15:31:51.725253 IP myaix53client.mydomain.com.44567 > 
mymaster.mydomain.com.8140: . ack 3741 win 32660 <nop,nop,timestamp 
1428647350 1255468457>
15:31:51.725744 IP myaix53client.mydomain.com.44567 > 
mymaster.mydomain.com.8140: P 106:113(7) ack 3741 win 32660 
<nop,nop,timestamp 1428647350 1255468457>
15:31:51.726041 IP myaix53client.mydomain.com.44567 > 
mymaster.mydomain.com.8140: F 113:113(0) ack 3741 win 32761 
<nop,nop,timestamp 1428647350 1255468457>
15:31:51.726281 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44567: . ack 113 win 12 <nop,nop,timestamp 
1255468458 1428647350>
15:31:51.726582 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44567: F 3741:3741(0) ack 114 win 12 
<nop,nop,timestamp 1255468459 1428647350>
15:31:51.726592 IP myaix53client.mydomain.com.44567 > 
mymaster.mydomain.com.8140: . ack 3742 win 32761 <nop,nop,timestamp 
1428647350 1255468459>
15:31:54.601573 IP myaix53client.mydomain.com.44568 > 
mymaster.mydomain.com.8140: S 629116937:629116937(0) win 65535 <mss 
1460,nop,wscale 3,nop,nop,timestamp 1428647356 0>
15:31:54.601996 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44568: S 2048498450:2048498450(0) ack 629116938 
win 5792 <mss 1460,nop,nop,timestamp 1255471334 1428647356,nop,wscale 9>
15:31:54.602033 IP myaix53client.mydomain.com.44568 > 
mymaster.mydomain.com.8140: . ack 1 win 32761 <nop,nop,timestamp 1428647356 
1255471334>
15:31:54.602649 IP myaix53client.mydomain.com.44568 > 
mymaster.mydomain.com.8140: P 1:106(105) ack 1 win 32761 <nop,nop,timestamp 
1428647356 1255471334>
15:31:54.602975 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44568: . ack 106 win 12 <nop,nop,timestamp 
1255471336 1428647356>
15:31:54.649868 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44568: . 1:1449(1448) ack 106 win 12 
<nop,nop,timestamp 1255471382 1428647356>
15:31:54.649878 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44568: . 1449:2897(1448) ack 106 win 12 
<nop,nop,timestamp 1255471382 1428647356>
15:31:54.649884 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44568: P 2897:3741(844) ack 106 win 12 
<nop,nop,timestamp 1255471382 1428647356>
15:31:54.649953 IP myaix53client.mydomain.com.44568 > 
mymaster.mydomain.com.8140: . ack 3741 win 32660 <nop,nop,timestamp 
1428647356 1255471382>
15:31:54.650581 IP myaix53client.mydomain.com.44568 > 
mymaster.mydomain.com.8140: P 106:113(7) ack 3741 win 32660 
<nop,nop,timestamp 1428647356 1255471382>
15:31:54.651121 IP myaix53client.mydomain.com.44568 > 
mymaster.mydomain.com.8140: F 113:113(0) ack 3741 win 32761 
<nop,nop,timestamp 1428647356 1255471382>
15:31:54.651130 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44568: . ack 113 win 12 <nop,nop,timestamp 
1255471383 1428647356>
15:31:54.651490 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44568: F 3741:3741(0) ack 114 win 12 
<nop,nop,timestamp 1255471384 1428647356>
15:31:54.651502 IP myaix53client.mydomain.com.44568 > 
mymaster.mydomain.com.8140: . ack 3742 win 32761 <nop,nop,timestamp 
1428647356 1255471384>
15:31:54.666859 IP myaix53client.mydomain.com.44569 > 
mymaster.mydomain.com.8140: S 1897231777:1897231777(0) win 65535 <mss 
1460,nop,wscale 3,nop,nop,timestamp 1428647356 0>
15:31:54.667268 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44569: S 2051610074:2051610074(0) ack 1897231778 
win 5792 <mss 1460,nop,nop,timestamp 1255471399 1428647356,nop,wscale 9>
15:31:54.667284 IP myaix53client.mydomain.com.44569 > 
mymaster.mydomain.com.8140: . ack 1 win 32761 <nop,nop,timestamp 1428647356 
1255471399>
15:31:54.667598 IP myaix53client.mydomain.com.44569 > 
mymaster.mydomain.com.8140: P 1:106(105) ack 1 win 32761 <nop,nop,timestamp 
1428647356 1255471399>
15:31:54.668055 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44569: . ack 106 win 12 <nop,nop,timestamp 
1255471400 1428647356>
15:31:54.715307 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44569: . 1:1449(1448) ack 106 win 12 
<nop,nop,timestamp 1255471447 1428647356>
15:31:54.715320 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44569: . 1449:2897(1448) ack 106 win 12 
<nop,nop,timestamp 1255471447 1428647356>
15:31:54.715327 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44569: P 2897:3741(844) ack 106 win 12 
<nop,nop,timestamp 1255471447 1428647356>
15:31:54.715382 IP myaix53client.mydomain.com.44569 > 
mymaster.mydomain.com.8140: . ack 3741 win 32660 <nop,nop,timestamp 
1428647356 1255471447>
15:31:54.715808 IP myaix53client.mydomain.com.44569 > 
mymaster.mydomain.com.8140: P 106:113(7) ack 3741 win 32660 
<nop,nop,timestamp 1428647356 1255471447>
15:31:54.716024 IP myaix53client.mydomain.com.44569 > 
mymaster.mydomain.com.8140: F 113:113(0) ack 3741 win 32761 
<nop,nop,timestamp 1428647356 1255471447>
15:31:54.716241 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44569: . ack 113 win 12 <nop,nop,timestamp 
1255471448 1428647356>
15:31:54.716559 IP mymaster.mydomain.com.8140 > 
myaix53client.mydomain.com.44569: F 3741:3741(0) ack 114 win 12 
<nop,nop,timestamp 1255471448 1428647356>
15:31:54.716570 IP myaix53client.mydomain.com.44569 > 
mymaster.mydomain.com.8140: . ack 3742 win 32761 <nop,nop,timestamp 
1428647356 1255471448>
^C
623 packets received by filter
0 packets dropped by kernel


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-dev?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to