On Feb 11, 2013, at 8:34 PM, Alex Harvey wrote: > For the sake of the archives (and not sure how useful this will be in the > archives but...) I'll post in plaintext what I see on my screen and then send > you a PCAP file privately.
The way I turned this into meaningful decode was with wireshark/tshark: [[email protected] ~/Downloads]% tshark -n -d tcp.port==8140,ssl -r aix-ssl.pcap -R ssl 4 0.001309 10.10.38.200 -> 10.10.47.48 SSLv2 171 Client Hello 6 0.049141 10.10.47.48 -> 10.10.38.200 TLSv1 1514 Server Hello 8 0.049158 10.10.47.48 -> 10.10.38.200 TLSv1 910 Certificate 10 0.049920 10.10.38.200 -> 10.10.47.48 TLSv1 73 Alert (Level: Fatal, Description: Unknown CA) it then repeats a few times. I suspect the underlying openssl implementation requires the ca certificate to be in the hash-dir format, and won't just use a single-file ca certificate. Can you point the `c_rehash` script from the openssl distribution at your puppet CA cert and see if that changes things? Eric Sorenson - [email protected] #puppet irc: eric0 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-dev?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
