SSL errors on icat and consumer servers

[Sanju Timsina]

Hello,

I am getting these SSL error on icat and the resource(consumer) server.

**********************************************************************

Icat logs

 remote addresses: <database-ip>, <consumer-ip> ERROR: [-]     /repos/irods/server/core/src/rodsAgent.cpp:566:int runIrodsAgentFactory(sockaddr_un) :  status [SSL_SHUTDOWN_ERROR]  errno [] -- message [failed to call 'agent stop']

        [-]     /repos/irods/lib/core/src/sockComm.cpp:160:irods::error sockAgentStop(irods::network_object_ptr) :  status [SSL_SHUTDOWN_ERROR]  errno [] -- message [failed to call 'agent stop']

                [-]     /repos/irods/plugins/network/ssl/libssl.cpp:952:irods::error ssl_agent_stop(irods::plugin_context &) :  status [SSL_SHUTDOWN_ERROR]  errno [] -- message [error completing shutdown of SSL connection]

***********************************************************************

resource server logs

<icat-server-ip> ERROR: [-]   /repos/irods/server/core/src/rsApiHandler.cpp:542:int readAndProcClientMsg(rsComm_t *, int) :  status [SYS_HEADER_READ_LEN_ERR]  errno [] -- message [failed to call 'read header']

        [-]     /repos/irods/lib/core/src/sockComm.cpp:198:irods::error readMsgHeader(irods::network_object_ptr, msgHeader_t *, struct timeval *) :  status [SYS_HEADER_READ_LEN_ERR]  errno [] -- message [failed to call 'read header']

                [-]     /repos/irods/plugins/network/ssl/libssl.cpp:572:irods::error ssl_read_msg_header(irods::plugin_context &, void *, struct timeval *) :  status [SYS_HEADER_READ_LEN_ERR]  errno [] -- message [read 0 expected 4]

ERROR: [-]  /repos/irods/server/core/src/rodsAgent.cpp:566:int runIrodsAgentFactory(sockaddr_un) :  status [SSL_SHUTDOWN_ERROR]  errno [] -- message [failed to call 'agent stop']

        [-]     /repos/irods/lib/core/src/sockComm.cpp:160:irods::error sockAgentStop(irods::network_object_ptr) :  status [SSL_SHUTDOWN_ERROR]  errno [] -- message [failed to call 'agent stop']

                [-]     /repos/irods/plugins/network/ssl/libssl.cpp:952:irods::error ssl_agent_stop(irods::plugin_context &) :  status [SSL_SHUTDOWN_ERROR]  errno [] -- message [error completing shutdown of SSL connection]

Any idea what is causing these SSL issues? Where should I look to debug these?

Thank you,

Sanju

[Kory Draughn]

Hi Sanju,

Has anything regarding SSL changed recently?

Has a certificate changed in any way? Expired?

Have you tried rebooting the servers to see if the behavior changes?

Kory Draughn

Chief Technologist

iRODS Consortium

--
--
The Integrated Rule-Oriented Data System (iRODS) - https://irods.org
 
iROD-Chat: http://groups.google.com/group/iROD-Chat
---
You received this message because you are subscribed to the Google Groups "iRODS-Chat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to irod-chat+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/irod-chat/a92f85fc-34b7-4f47-8cc4-0201b839d7ean%40googlegroups.com.

[Paul van Schayck]

Hi Sanju,

Do you have clients using the python-irodsclient? They may not be closing the connection correctly.

Cheers,

Paul

[Sanju Timsina]

Hi Paul,

Yes, we use the python-irodsclient. The server where we use python-irods client does not show in logs.

But we will do the session cleanup and see if that resolves the SSL error logs.

Thank you,

Sanju

[Sanju Timsina]

Hi Kory,

We have new SSL certificates since they expired. We will try to reboot the server during maintenance and see the changes.

We have database key-value pairs on /etc/irods/server_config.json file on resource servers. Just checking if that affects anything.

"database": {

            "mysql": {

}}

Thank you,

Sanju

[Paul van Schayck]

i Sanju,

Yes please try that. It could be something similar as:

https://github.com/irods/python-irodsclient/issues/316

We also had to deal with this in the past, where the ref counter to the iRODS session object in Python would not decrease due to keeping a wrong reference intact. Not harmful, but this meant the session was never shutdown automatically by Python.

Hope that helps.

Cheers,

Pau