View Issue Details

IDProjectCategoryView StatusLast Update
0000375bareos-coredirectorpublic2014-12-18 19:01
Reporterpstorz Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
PlatformLinuxOSanyOS Version3
Product Version14.2.2 
Fixed in Version14.2.2 
Summary0000375: passive mode with TLS does not work during backup.
DescriptionWhen using passive mode in combination with TLS, backups do not work anymore.

The problem seems only to exist during passive mode when the sd connects to the fd.
Additional InformationDirector Log of failing job:

bareos-dir JobId 74: Start Backup JobId 74, Job=BackupDasi1.2014-12-17_11.35.51_34
 bareos-dir JobId 74: Using Device "FileStorage" to write.
 bareos-sd JobId 74: Error: crypto_openssl.c:1481 Connect failure: ERR=error:14092072:SSL routines:SSL3_GET_SERVER_HELLO:bad message type
 bareos-sd JobId 74: Fatal error: TLS negotiation failed with File daemon at "localhost:9102"
 bareos-sd JobId 74: Fatal error: authenticate.c:413 Authorization problem: Two way security handshake failed with File daemon at File Daemon
 bareos-sd JobId 74: Fatal error: Failed to authenticate File daemon.
 bareos-dir JobId 74: Fatal error: Bad response to Passive client command: wanted 2000 OK passive client
, got 3991 Bad passive client command: ������������������������������������������������@


FD log:

bareos-fd: dir_cmd.c:576-0 Conn: Hello Storage calling Start Job BackupDasi1.2014-12-17_11.38.52_36
bareos-fd: dir_cmd.c:590-0 Got a SD connection at 17-Dec-2014 11:39:20
bareos-fd: sd_cmds.c:69-0 Found Job BackupDasi1.2014-12-17_11.38.52_36
bareos-fd: cram-md5.c:68-0 send: auth cram-md5 <1234183231.1418812760@bareos-fd> ssl=2
bareos-fd: cram-md5.c:123-0 cram-get received: auth cram-md5 <1113085872.1418812760@bareos-sd> ssl=2
bareos-fd: cram-md5.c:143-0 sending resp to challenge: h6V3jD+p9X+73h+Yg6/54B
bareos-fd: crypto_openssl.c:1480-0 jcr=7fd134001078 Connect failure: ERR=error:14092072:SSL routines:SSL3_GET_SERVER_HELLO:bad message type
bareos-fd: sd_cmds.c:78-0 Authentication failed Job BackupDasi1.2014-12-17_11.38.52_36



Job output:

bareos-sd JobId 75: Error: crypto_openssl.c:1481 Connect failure: ERR=error:14092072:SSL routines:SSL3_GET_SERVER_HELLO:bad message type
 bareos-sd JobId 75: Fatal error: TLS negotiation failed with File daemon at "localhost:9102"
 bareos-sd JobId 75: Fatal error: authenticate.c:413 Authorization problem: Two way security handshake failed with File daemon at File Daemon
 bareos-sd JobId 75: Fatal error: Failed to authenticate File daemon.
 bareos-dir JobId 75: Fatal error: Bad response to Passive client command: wanted 2000 OK passive client
, got 3991 Bad passive client command: @

 bareos-fd JobId 75: Error: crypto_openssl.c:1481 Connect failure: ERR=error:14092072:SSL routines:SSL3_GET_SERVER_HELLO:bad message type
 bareos-fd JobId 75: Fatal error: TLS negotiation failed.
 bareos-fd JobId 75: Fatal error: Unable to authenticate File daemon
 bareos-dir JobId 75: Fatal error: Network error with FD during Backup: ERR=No data available
 bareos-dir JobId 75: Fatal error: No Job status returned from FD.
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Related Changesets

bareos: bareos-14.2 cedb2d9b

2014-12-17 14:27

mvwieringen

Ported: N/A

Details Diff
When initiating the TLS connection use tls_server. Affected Issues
0000375
mod - src/filed/authenticate.c Diff File

bareos-regress: master 2c41cda5

2014-12-17 15:19

pstorz

Ported: N/A

Details Diff
Add tls test for passive mode Affected Issues
0000375
mod - DartTestfile.txt.in Diff File
add - scripts/tls-bareos-dir-passive.conf.in Diff File
add - scripts/tls-bareos-fd-passive.conf.in Diff File
add - tests/tls-passive-test Diff File

Issue History

Date Modified Username Field Change
2014-12-17 12:49 pstorz New Issue
2014-12-17 16:23 mvwieringen Changeset attached => bareos bareos-14.2 cedb2d9b
2014-12-17 16:25 mvwieringen Changeset attached => bareos-regress master 2c41cda5
2014-12-18 19:01 mvwieringen Status new => closed
2014-12-18 19:01 mvwieringen Resolution open => fixed
2014-12-18 19:01 mvwieringen Fixed in Version => 14.2.2