error 114

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

error 114

russellbell
        fetchmail fails when openssl reports an error 114 (I think)

stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1354
read(4, "", 4096)                       = 0
close(4)                                = 0
stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No such file or directory)
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate chain, fr"..., 70) = 70
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Certificate at depth "..., 35) = 35
write(1, "fetchmail: Issuer Organization: "..., 43) = 43
write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
write(1, "fetchmail: SSL verify callback d"..., 71) = 71
write(1, "fetchmail: Server certificate:\n", 31) = 31
write(1, "fetchmail: Issuer Organization: "..., 54) = 54
write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
write(1, "fetchmail: Subject Alternative N"..., 51) = 51
write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
write(3, "\25\3\3\0\2\2P", 7)           = 7
write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114


        What is an error 114?  Why does openssl look for
/etc/ssl/certs/4a6481c9.1 ?  All the hashes for my certs end in .0

        Linux kernel 5.3.2, Slackware latest, fetchmail 6.4.1, OpenSSL 1.1.1d  10 Sep 2019


russell bell
Reply | Threaded
Open this post in threaded view
|

Re: error 114

Vitezslav Cizek
V Thu, 3 Oct 2019 06:32:48 -0600
<[hidden email]> napsáno:

> fetchmail fails when openssl reports an error 114 (I think)

Actually it doesn't.

> stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644,
> st_size=1354, ...}) = 0 openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0",
> O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
> read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1354
> read(4, "", 4096)                       = 0
> close(4)                                = 0
> stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No
> such file or directory) write(1, "fetchmail: SSL verify callback
> d"..., 71) = 71 write(1, "fetchmail: Certificate chain, fr"..., 70) =
> 70 write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Certificate at depth "..., 35) = 35
> write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Server certificate:\n", 31) = 31
> write(1, "fetchmail: Issuer Organization: "..., 54) = 54
> write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
> write(1, "fetchmail: Subject Alternative N"..., 51) = 51
> write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
> fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
> write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
> write(3, "\25\3\3\0\2\2P", 7)           = 7
> write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114
>
> What is an error 114?

114 isn't an openssl error number, it's the amount of bytes the write()
syscall wrote.
Run strace -s1024 to get the whole error string.

> Why does openssl look for
> /etc/ssl/certs/4a6481c9.1 ?  All the hashes for my certs end in .0

During c_rehash, if a certificate object has the same hash value as an
existing one, the last digit number is incremented to distinguish it.
So by looking for 4a6481c9.1, openssl is checking against a possible
conflict in the hashes.

> russell bell

  Vita

--
Vítězslav Čížek             Emergency Update Team (EMU)
                               "Consider it fixed."
Reply | Threaded
Open this post in threaded view
|

Re: error 114

OpenSSL - User mailing list
In reply to this post by russellbell
On 03/10/2019 14:32, [hidden email] wrote:

> fetchmail fails when openssl reports an error 114 (I think)
>
> stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
> openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0", O_RDONLY) = 4
> fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
> read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1354
> read(4, "", 4096)                       = 0
> close(4)                                = 0
> stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No such file or directory)
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Certificate chain, fr"..., 70) = 70
> write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Certificate at depth "..., 35) = 35
> write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Server certificate:\n", 31) = 31
> write(1, "fetchmail: Issuer Organization: "..., 54) = 54
> write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
> write(1, "fetchmail: Subject Alternative N"..., 51) = 51
> write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
> fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
> write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
> write(3, "\25\3\3\0\2\2P", 7)           = 7
> write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114
>
>
> What is an error 114?  Why does openssl look for
> /etc/ssl/certs/4a6481c9.1 ?  All the hashes for my certs end in .0
>
> Linux kernel 5.3.2, Slackware latest, fetchmail 6.4.1, OpenSSL 1.1.1d  10 Sep 2019
>
This looks like the output of running strace on fetchmail.

114 in the last line is just the number of characters in the error
message printed by fetchmail, the first 33 of those 114 characters
are "fetchmail: OpenSSL reported: err", the remaining 81 are not
shown above.

The hashed name ending in ".1" is OpenSSL looking to see if you
have more than one cert with the hash value 4a6481c9, which does
happen for some users.  If you had such a second cert, OpenSSL
wouldalso load 4a6481c9.2, then 4a6481c9.3 and so on until it
reaches a name you don't have.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded