Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] how to knock at shared port daemon for initiating/debugging SSL handshake
- Date: Mon, 11 Apr 2022 13:50:33 +0000
- From: "Bockelman, Brian" <BBockelman@xxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] how to knock at shared port daemon for initiating/debugging SSL handshake
Hi Thomas,
Unfortunately, there's no simple way to debug - the TLS handshake occurs in the middle of HTCondor's binary protocol.
I usually debug such things by setting TOOL_DEBUG=D_FULLDEBUG,D_SECURITY. At that level, the client does a reasonably good job of at least emitting the OpenSSL error messages -- and debug from there.
Brian
> On Apr 11, 2022, at 6:54 AM, Thomas Hartmann <thomas.hartmann@xxxxxxx> wrote:
>
> Hi all,
>
> is there a way to connect with `openssl s_client` to a CondorCE running
> a shared port daemon?
>
> I.e., I would like to debug a probable certificate issue for one of our
> VOs, where their connection fails early - and my suspicion is, that
> their trusted CA chain is not in order. Thus, I would like them just to
> initiate the SSL handshake for more details.
> However, no SSL handshake is initiated when going directly for the
> CE:port - as I suppose that one needs to knock correctly for the shared
> port daemon, or?
>
> Cheers,
> Thomas
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/