Hi Martin,
This may be far fetched, but have a look at the system time of the RB
and one of the clients. Is xntpd running and effective?
I have seen these strange errors when the clocks of the client and the
server in an SSL transaction are too far apart (more then a few seconds).
Please check just to be sure....
Cheers,
DavidG.
At 11:26 09-12-03, Bly, MJ (Martin) wrote:
>Hi David,
>
>Yes, we periodically see the whinges thus:
>
>edg-wl-logd[10928]: edg_wll_ssl_accept() failed
>(error:00000000:lib(0):func(0):reason(0))
>edg-wl-logd[10929]: edg_wll_ssl_accept() failed (error:14094412:SSL
>routines:SSL3_READ_BYTES:sslv3 alert bad certificate)
>
>which go on adnauseam. I had associated these with the attempst to read the
>.1 files - obviously not the case from what you say, though using strace
>does prompt these to reappear for the duration of the strace.
>
>Martin.
>--
> -------------------------------------------------------
> Martin Bly | +44 1235 446981 | [log in to unmask]
> Systems Admin, Tier 1/A Service, RAL PPD CSG
> -------------------------------------------------------
>
> > -----Original Message-----
> > From: David Groep [mailto:[log in to unmask]]
> > Sent: Tuesday, December 09, 2003 10:20 AM
> > To: [log in to unmask]
> > Subject: Re: [LCG-ROLLOUT] Globus error 3
> >
> >
> > Hi Martin,
> >
> > At 11:11 09-12-03, Bly, MJ (Martin) wrote:
> > >We consistently get into the state where the edg-wl-logd
> > whinges about
> > >trying to read (via one of its sub processes) the file
> > >/etc/grid-security/certificates/01621954.1 which isn't there and as I
> > >understand it, is never likely to the there.
> >
> > If you see this attempt when using strace on the process: that's
> > correct and documented behaviour. OpenSSL will try to read the .0, .1
> > etc files in order, and the first one that fails signals the end of
> > the certificate store for that CA.
> >
> > If it complains publicly (i.e. if you see that failed attempt apart
> > from the strace log), that would be a real problem. Otherwise, don't
> > get confused by this ENOENT from the ".1" file.
> >
> > Cheers,
> > DavidG.
> >
> > >Previously, deleting the *.r0 files and recreating them using
> > >edg-fetch-crl-cron seemed to fix the problem. It now
> > appears to fix the
> > >problem but only if I don't resort to strace on edg-wl-logd. :-(
> >
> >
> >
> >
> > --
> > David Groep
> >
> > ** National Institute for Nuclear and High Energy Physics,
> > Grid/VL group **
> > ** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009
> > DB Amsterdam NL **
> >
--
David Groep
** National Institute for Nuclear and High Energy Physics, Grid/VL group **
** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009 DB Amsterdam NL **
|