Tools/Manuals/TS15

From EGIWiki
< Tools(Redirected from Tools/Manuals/TS16)
Jump to: navigation, search
Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Documentation menu: Home Manuals Procedures Training Other Contact For: VO managers Administrators

Contents



Back to Troubleshooting Guide


failed unwrapping ENC message

Full message

$ uberftp some-SE.some-domain
220 some-SE.some-domain GridFTP Server 1.12 GSSAPI type Globus/GSI wu-2.6.2
 (gcc32dbg, 1062606889-42) ready. 
535-FTPD GSSAPI error: GSS Major Status: General failure 
535-FTPD GSSAPI error: GSS Minor Status Error Chain: 
535-FTPD GSSAPI error:  
535-FTPD GSSAPI error: unwrap.c:273: gss_unwrap: internal problem with SSL BIO:
 SSL_read rc=-1 
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call 
535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library:
 rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 
535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library:
 rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call 
535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library:
 rsa routines, function RSA_verify: wrong signature length 
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call 
535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library:
 rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 
535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library:
 rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call 
535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library:
 rsa routines, function RSA_verify: wrong signature length 
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call 
535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library:
 rsa routines, function RSA_verify: wrong signature length 
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call 
535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library:
 rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed 
535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library:
 rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01 
535 FTPD GSSAPI error: failed unwrapping ENC message

Or with lcg-utils:

$ lcg-cp -v --vo ops file:/etc/group gsiftp://some-SE.some-domain/tmp/foo.$$
Source URL: file:/etc/group
File size: 588
Source URL for copy: file:/etc/group
Destination URL: gsiftp://some-SE.some-domain/tmp/foo.6720
# streams: 1
# set timeout to  0 (seconds)
            0 bytes      0.00 KB/sec avg      0.00 KB/sec inst
the server sent an error response: 535 
535-FTPD GSSAPI error: GSS Major Status: General failure
535-FTPD GSSAPI error: GSS Minor Status Error Chain:
535-FTPD GSSAPI error: 
535-FTPD GSSAPI error: unwrap.c:273: gss_unwrap: internal problem with SSL BIO:
 SSL_read rc=-1
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call
535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library:
 rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed
535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library:
 rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call
535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library:
 rsa routines, function RSA_verify: wrong signature length
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call
535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library:
 rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed
535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library:
 rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call
535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library:
 rsa routines, function RSA_verify: wrong signature length
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call
535-FTPD GSSAPI error: OpenSSL Error: rsa_sign.c:149: in library:
 rsa routines, function RSA_verify: wrong signature length
535-FTPD GSSAPI error: OpenSSL Error: a_verify.c:109: in library:
 asn1 encoding routines, function ASN1_verify: bad get asn1 object call
535-FTPD GSSAPI error: OpenSSL Error: rsa_eay.c:578: in library:
 rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check failed
535-FTPD GSSAPI error: OpenSSL Error: rsa_pk1.c:100: in library:
 rsa routines, function RSA_padding_check_PKCS1_type_1: block type is not 01
535 FTPD GSSAPI error: failed unwrapping MIC message 

lcg_cp: Invalid argument


Diagnosis

With older GridFTP server versions this typically would happen for a VOMS proxy signed by a VOMS server whose current host certificate was not installed on the failing service. The service either closed the connection immediately or injected some unexpected data (e.g. some notice or warning, printed on stderr) into the socket, while the client still expected data for the GSI dialogue.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox
Print/export