Hello list, On ven., avr 10, 2009, baculal...@encambio.com wrote: >>>> On mer., avr 8, 2009, baculal...@encambio.com wrote: >>>>> Director hostname back1.host.com: Solaris x86 11 (nv-b91) >>>>> File daemon hostname back1.host.com: Solaris x86 11 (nv-b91) >>>>> >>>>> Errors seen on the director: >>>>> 08-Apr 09:36 bacsrv-dir JobId 40: Start Backup JobId 40, >>>>> Job=Debut.2009-04-08_09.36.52.03 >>>>> 08-Apr 09:36 bacsrv-dir JobId 40: Using Device "FileStorage" >>>>> 08-Apr 09:37 bacsrv-dir JobId 0: Error: openssl.c:86 Connect failure: >>>>> ERR=error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number >>>>> 08-Apr 09:37 bacsrv-dir JobId 40: Fatal error: TLS negotiation failed >>>>> with FD at "back1.host.com:9102". >>>>> >>>>> >I trussed(1) the bacula-fd process and debugged the code to find >that the SSL logic reads(2) from a blocked socket [...] > >[...] > >If I remove the fnctl(2) where the socket is set to nonblocking, >things go further but in the end the client is unable to read >anything and the director reports 'Fatal error: FD gave bad response >to JobId command: No data available.' > >Anybody familiar with the logic around openssl_bsock_session_start, >or have an idea of what might be going on? Is anybody besides me >using Solaris? Remember that Solaris has its own not the BSD >variant) socket API. > Okay several months later I've solved the problem best described as:
'connecting a Linux Bacula director to a Solaris Bacula file daemon and receiving the error: Error: openssl.c:86 Connect failure: ERR=error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number' The failure appears on Bacula 3.0.2 (as it did on 2.4.4 as well.) This fatal error went away after OpenSSL on the Solaris host was recompiled with multithreading support like this: $ ./config --prefix=<path1> --openssldir=<path2> threads $ make The Linux hosts don't fail with the above error even when OpenSSL multithreading isn't compiled, so the change is not needed there. This means that now 'TLS Enable', 'TLS Require', and 'TLS Verify Peer' are turned on everywhere and the backups are finally working. The page [1] describing Bacula requirements doesn't mention anything about TLS requiring a multithreaded OpenSSL on some platforms (or even that TLS requires OpenSSL at all.) I couldn't find the TeX source in 'git://[...]/docs/manuals/', so somebody else will have to correct the requirements (if they want to.) [1] http://www.bacula.org/en/dev-manual/System_Requirements.html Regards, Eduard ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
