Difference between revisions of "Tools/Manuals/TS15"
< Tools
Jump to navigation
Jump to search
Line 1: | Line 1: | ||
{{Template:Op menubar}} | |||
{{Template:Doc_menubar}} | |||
[[Category:Operations Manuals]] | |||
{{TOC_right}} | {{TOC_right}} | ||
------ | ------ | ||
Back to [[Tools/Manuals/SiteProblemsFollowUp|Troubleshooting Guide]] | Back to [[Tools/Manuals/SiteProblemsFollowUp|Troubleshooting Guide]] |
Latest revision as of 13:40, 23 November 2012
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
Back to Troubleshooting Guide
failed unwrapping ENC message
Full message
$ uberftp some-SE.some-domain 220 some-SE.some-domain GridFTP Server 1.12 GSSAPI type Globus/GSI wu-2.6.2 (gcc32dbg, 1062606889-42) ready. 535-FTPD GSSAPI error: GSS Major Status: General failure 535-FTPD GSSAPI error: GSS Minor Status Error Chain: 535-FTPD GSSAPI error: 535-FTPD GSSAPI error: unwrap.c:273: gss_unwrap: internal problem with SSL BIO: SSL_read rc=-1 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library: rsa routines, function RSA_verify: wrong signature length 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library: rsa routines, function RSA_verify: wrong signature length 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library: rsa routines, function RSA_verify: wrong signature length 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 535 FTPD GSSAPI error: failed unwrapping ENC message
Or with lcg-utils:
$ lcg-cp -v --vo ops file:/etc/group gsiftp://some-SE.some-domain/tmp/foo.$$ Source URL: file:/etc/group File size: 588 Source URL for copy: file:/etc/group Destination URL: gsiftp://some-SE.some-domain/tmp/foo.6720 # streams: 1 # set timeout to 0 (seconds) 0 bytes 0.00 KB/sec avg 0.00 KB/sec inst the server sent an error response: 535 535-FTPD GSSAPI error: GSS Major Status: General failure 535-FTPD GSSAPI error: GSS Minor Status Error Chain: 535-FTPD GSSAPI error: 535-FTPD GSSAPI error: unwrap.c:273: gss_unwrap: internal problem with SSL BIO: SSL_read rc=-1 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library: rsa routines, function RSA_verify: wrong signature length 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library: rsa routines, function RSA_verify: wrong signature length 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library: rsa routines, function RSA_verify: wrong signature length 535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library: asn1 encoding routines, function ASN1_verify: bad get asn1 object call 535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 535 FTPD GSSAPI error: failed unwrapping MIC message lcg_cp: Invalid argument
Diagnosis
With older GridFTP server versions this typically would happen for a VOMS proxy signed by a VOMS server whose current host certificate was not installed on the failing service. The service either closed the connection immediately or injected some unexpected data (e.g. some notice or warning, printed on stderr) into the socket, while the client still expected data for the GSI dialogue.