Client side error while running the ra-tls-secret-prov example

[Saikat Mukhopadhyay]

Hello All.

I was trying to run the "client" under ra-tls-secret-prov/secret_prov_pf.

Followed the steps below:- 

export RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1
export RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1
export RA_TLS_ALLOW_HW_CONFIG_NEEDED=1
export RA_TLS_ALLOW_SW_HARDENING_NEEDED=1

- Secret Provisioning flows, ECDSA-based (DCAP) attestation:

```sh
make app dcap RA_TYPE=dcap

# test encrypted files client (other examples can be tested similarly)
cd secret_prov_pf
./server_dcap wrap_key &

" root@4d46f5483a9e:/gramine/CI-Examples/ra-tls-secret-prov/secret_prov_pf# --- Reading the master key for encrypted files from 'wrap_key' ---

--- Starting the Secret Provisioning server on port 4433 ---
secret_provision_start_server: Secret Provisioning failed during mbedtls_net_bind with error -70
[error] secret_provision_start_server() returned -1 "

I am using Ubuntu 22.04

 Any suggestion would be a great help.

[Michał Kowalczyk]

Hi,

Could you check if your port 4433 is actually available? (i.e. nothing else is using it right now)

Best,
mkow

--
You received this message because you are subscribed to the Google Groups "Gramine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gramine-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gramine-users/7b6a8ddc-b069-4717-9c54-0502b0587aa2n%40googlegroups.com.

[Saikat Mukhopadhyay]

I ran this and see the result

saikat@SGX-server:~$ netstat -tuln | grep 4433
tcp        0      0 0.0.0.0:4433            0.0.0.0:*               LISTEN

[Michał Kowalczyk]

Ok, so you have some other process occupying this TCP port, that's why Gramine fails. You can check the process name with `--program` to netstat (but that may require sudo to work).

To view this discussion on the web visit https://groups.google.com/d/msgid/gramine-users/911e6019-aaa5-4146-8ee0-cf7c65009a58n%40googlegroups.com.

[Saikat Mukhopadhyay]

No, Michael, I double-checked. The TCP port is open.

I wonder if anyone has succeeded before with this approach.

Would like to know how they accomplished.

Please let me know.

Regards

Saikat 

[Michał Kowalczyk]

I don't understand it then, in the previous message you posted netstat output which says that something is occupying that port, but in the last you say that there nothing there?

To view this discussion on the web visit https://groups.google.com/d/msgid/gramine-users/4bca158d-0da5-4453-99a6-8b44a9b8730cn%40googlegroups.com.

[Saikat Mukhopadhyay]

Hi Michal.

I posted this before 

saikat@SGX-server:~$ netstat -tuln | grep 4433
tcp        0      0 0.0.0.0:4433            0.0.0.0:*               LISTEN

• tcp: Indicates that the service is using the TCP protocol.
• 0.0.0.0:4433: Specifies that the service is listening on all available network interfaces (0.0.0.0) on port 4433.
• 0.0.0.0:*: Shows that the service is bound to port 4433 but does not specify a particular source IP address (*).
• LISTEN: Indicates that the service is in the listening state, meaning it's actively accepting incoming connections on port 4433.

It means the port wasn't occupied. it's actively accepting incoming connections.