
Re: [HTCondor-users] how to knock at shared port daemon for initiating/debugging SSL handshake



Hi Thomas,

Unfortunately, there's no simple way to debug - the TLS handshake occurs in the middle of HTCondor's binary protocol.

I usually debug such things by setting TOOL_DEBUG=D_FULLDEBUG,D_SECURITY.  At that level, the client does a reasonably good job of at least emitting the OpenSSL error messages -- and debug from there.

Brian

> On Apr 11, 2022, at 6:54 AM, Thomas Hartmann <thomas.hartmann@xxxxxxx> wrote:
> 
> Hi all,
> 
> is there a way to connect with `openssl s_client` to a CondorCE running
> a shared port daemon?
> 
> I.e., I would like to debug a probable certificate issue for one of our
> VOs, where their connection fails early - and my suspicion is that
> their trusted CA chain is not in order. Thus, I would like them just to
> initiate the SSL handshake for more details.
> However, no SSL handshake is initiated when going directly for the
> CE:port - as I suppose that one needs to knock correctly for the shared
> port daemon, or?
> 
> Cheers,
>  Thomas
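Added example, not part of the original thread and not HTCondor project code: a small filter that pulls the OpenSSL error-queue strings out of the debug output Brian describes and counts each distinct library/reason pair. The function names, the sample lines and the `condor_ping` invocation in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not HTCondor code. OpenSSL renders an error-queue entry as
#   error:<8 hex digits>:<library>:<function>:<reason>
# (<function> is empty in OpenSSL 3.x). openssl_errors reads debug output on
# stdin and prints "<count><TAB><library><TAB><reason>" per distinct error.
openssl_errors() {
    grep -o 'error:[0-9A-Fa-f]\{8\}:[^:]*:[^:]*:[^:]*' |
    awk -F: '{
        reason = $5
        sub(/[ \t\r]+$/, "", reason)      # drop trailing whitespace / CR
        seen[$3 "\t" reason]++
    }
    END { for (k in seen) print seen[k] "\t" k }' |
    LC_ALL=C sort
}

# Constructed sample input: the timestamps and "(constructed)" prefixes are
# made up; only the error:... strings follow OpenSSL's own format.
sample_log() {
    cat <<'EOF'
04/11/22 12:54:01 (constructed) starting handshake
04/11/22 12:54:01 (constructed) error:0A000086:SSL routines::certificate verify failed
04/11/22 12:54:02 (constructed) error:0A000086:SSL routines::certificate verify failed
04/11/22 12:54:02 (constructed) error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
04/11/22 12:54:03 (constructed) error:0A000418:SSL routines::tlsv1 alert unknown ca
EOF
}

# Assumed real-world use (tool arguments elided, adjust to your CE):
#   _CONDOR_TOOL_DEBUG=D_FULLDEBUG,D_SECURITY condor_ping -debug ... 2>&1 | openssl_errors
sample_log | openssl_errors
```

A run dominated by `certificate verify failed` or `unknown ca` points at the trust chain on one side of the connection, which is the suspicion raised in the original question.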