Describe the issue:
I am encountering an error when attempting to listen for a TLS Call Home connection using netopeer2-cli. Below is the command and the error log I receive:
Command:
listen --tls
Error Log:
cmd_listen: Waiting 60s for a TLS Call Home connection on port 4335...
nc ERROR: Communication socket unexpectedly closed.
cmd_listen: Receiving TLS Call Home on port 4335 failed.
Here are the relevant logs from the netopeer2-server:
[INF]: LN: Trying to connect via IPv4 to 172.17.167.137:4335.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Successfully connected to 172.17.167.137:4335 over IPv4.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Successfully connected to 172.17.167.137:4335 over IPv4.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Session 822 (user "root", CID 56) created.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: SR: Session 822 (user "root", CID 56) created.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Session 823 (user "root", CID 56) created.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: SR: Session 823 (user "root", CID 56) created.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Session 824 (user "root", CID 56) created.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: SR: Session 824 (user "root", CID 56) created.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert verify: depth 1.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert verify: depth 1.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert verify: subject: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert verify: issuer: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert verify CTN: cert fail, cert-to-name will continue on the next cert in chain.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert verify: depth 0.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert verify: subject: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert verify: issuer: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Cert-to-name unsuccessful, dropping the new client.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [ERR]: LN: Client certificate error (application verification failure).
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: [ERR]: LN: SSL accept failed (certificate verify failed).
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert verify: subject: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert verify: issuer: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert verify CTN: cert fail, cert-to-name will continue on the next cert in chain.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert verify: depth 0.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert verify: subject: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert verify: issuer: /C=in/ST=ut/L=ut/O=ut/OU=ru/CN=ut/emailAddress=[email protected].
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Cert-to-name unsuccessful, dropping the new client.
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: Client certificate error (application verification failure).
Aug 08 09:45:01 13266--SW--MCP7 netopeer2-server[41237]: SSL accept failed (certificate verify failed).
Aug 08 09:45:03 13266--SW--MCP7 netopeer2-server[41237]: Call Home client "default-client" endpoint "endpoint-tls" failed connection attempt limit 3 reached.
Aug 08 09:45:03 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Call Home client "default-client" endpoint "endpoint-tls" failed connection attempt limit 3 reached.
Aug 08 09:45:03 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Call Home client "default-client" endpoint "endpoint-tls" connecting...
Aug 08 09:45:03 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: Trying to connect via IPv4 to 172.17.167.137:4335.
Aug 08 09:45:03 13266--SW--MCP7 netopeer2-server[41237]: [INF]: LN: getsockopt() error (Connection refused).
Aug 08 09:45:03 13266--SW--MCP7 netopeer2-server[41237]: Call Home client "default-client" endpoint "endpoint-tls" connecting...
Aug 08 09:45:03 13266--SW--MCP7 netopeer2-server[41237]: Trying to connect via IPv4 to 172.17.167.137:4335.
Steps to Reproduce:
Start the netopeer2-server.
Run listen --tls command from netopeer2-cli.
Observe the error log.
Expected Behavior:
The TLS Call Home connection should be established successfully.
Actual Behavior:
The connection fails with the error: SSL accept failed (certificate verify failed).
Any help resolving this issue would be greatly appreciated.
Regards,
aarti
Hi, what libnetconf2/netopeer2 versions are you using? I think that the problem is that you're missing a cert-to-name entry for the client's certificate in the server's configuration.
We are using libnetconf2-2.1.31 and netopeer2-2.1.59. The issue might be related to a missing cert-to-name entry for the client's certificate in the server's configuration. Here's an example of how it should look:

    <client-authentication>
      <required/>
      <ca-certs>cacerts</ca-certs>
      <client-certs>clientcerts</client-certs>
      <cert-maps>
        <cert-to-name>
          <id>1</id>
          <fingerprint>02:20:E1:AD:CC:92:71:E9:EA:6A:85:DF:A7:FF:8C:BB:B9:D5:E4:EE:74</fingerprint>
          <map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type>
          <name>tls-test</name>
        </cert-to-name>
      </cert-maps>
    </client-authentication>
This configuration needs to be added under the section of your in the server configuration.
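The fingerprint in a cert-to-name entry uses the tls-fingerprint format of RFC 7407: the first octet is the TLS hash algorithm id (02, SHA-1, in the value quoted above) and the remaining octets are the digest of the client's DER-encoded certificate. The following is an added example, not code from this thread or from netopeer2, that builds such a fingerprint and checks whether a certificate matches a configured one; the helper names are hypothetical and the sample certificate bytes are a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

# TLS HashAlgorithm registry ids (RFC 5246), used as the first fingerprint octet.
HASH_IDS = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}

# Constructed stand-in for a client certificate (NOT a real X.509 certificate).
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")
# Fingerprint value quoted in the configuration on this page.
PAGE_FP = "02:20:E1:AD:CC:92:71:E9:EA:6A:85:DF:A7:FF:8C:BB:B9:D5:E4:EE:74"

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def ctn_fingerprint(der: bytes, hash_id: int = 4) -> str:
    """Build a tls-fingerprint: algorithm octet followed by the certificate digest."""
    digest = hashlib.new(HASH_IDS[hash_id], der).digest()
    return ":".join(f"{b:02X}" for b in bytes([hash_id]) + digest)

def parse_fingerprint(fp: str):
    """Split a configured fingerprint into (hash name, digest); reject malformed values."""
    raw = bytes.fromhex(fp.replace(":", ""))
    if not raw or raw[0] not in HASH_IDS:
        raise ValueError("first octet is not a known TLS hash algorithm id")
    name = HASH_IDS[raw[0]]
    if len(raw) - 1 != hashlib.new(name).digest_size:
        raise ValueError(f"digest length does not match {name}")
    return name, raw[1:]

def cert_matches(pem: str, configured_fp: str) -> bool:
    """True if the certificate hashes to the fingerprint of a cert-to-name entry."""
    name, digest = parse_fingerprint(configured_fp)
    return hashlib.new(name, pem_to_der(pem)).digest() == digest
```

A certificate that matches no configured fingerprint is the condition the server log reports as "Cert-to-name unsuccessful, dropping the new client."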