SSL connect error on scheduler request

Message boards : Number crunching : SSL connect error on scheduler request
Message board moderation

To post messages, you must log in.

AuthorMessage
Profile Link
Avatar

Send message
Joined: 18 Sep 03
Posts: 834
Credit: 1,807,369
RAC: 0
Germany
Message 1967695 - Posted: 29 Nov 2018, 12:10:38 UTC
Last modified: 29 Nov 2018, 12:11:09 UTC

Hi, now that I have find a way to keep my "new" laptop at acceptable noise and temperature levels while crunching, I'm getting some SSL connect error on scheduler request. What's strange, the requests work fine, I just get the massage, that there was some problem.

29/11/2018 09:59:42	SETI@home	Reporting 4 completed tasks, not requesting new tasks
29/11/2018 09:59:42			[http_debug] HTTP_OP::init_post(): http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi
29/11/2018 09:59:42			[http_debug] HTTP_OP::libcurl_exec(): ca-bundle set
29/11/2018 09:59:42			[http_debug] HTTP_OP::init_get(): http://boinc.berkeley.edu/download.php?xml=1
29/11/2018 09:59:42			[http_debug] HTTP_OP::libcurl_exec(): ca-bundle set
29/11/2018 09:59:42			[http_debug] [ID#0] info: timeout on name lookup is not supported
29/11/2018 09:59:42			[http_debug] [ID#0] info: About to connect() to setiboinc.ssl.berkeley.edu port 80 (#1)
29/11/2018 09:59:42			[http_debug] [ID#0] info:   Trying 208.68.240.126... 
29/11/2018 09:59:42			[http_debug] [ID#1] info: timeout on name lookup is not supported
29/11/2018 09:59:42			[http_debug] [ID#1] info: About to connect() to boinc.berkeley.edu port 80 (#2)
29/11/2018 09:59:42			[http_debug] [ID#1] info:   Trying 208.68.240.115... 
29/11/2018 09:59:42			[http_debug] [ID#0] info: Connected to setiboinc.ssl.berkeley.edu (208.68.240.126) port 80 (#1)
29/11/2018 09:59:42			[http_debug] [ID#0] Sent header to server: POST /sah_cgi/cgi HTTP/1.1
					User-Agent: BOINC client (windows_x86_64 6.10.18)
					Host: setiboinc.ssl.berkeley.edu
					Accept: */*
					Accept-Encoding: deflate, gzip
					Content-Type: application/x-www-form-urlencoded
					Content-Length: 26878
					Expect: 100-continue
29/11/2018 09:59:42			[http_debug] [ID#0] info: Expire cleared
29/11/2018 09:59:42			[http_debug] [ID#1] info: Connected to boinc.berkeley.edu (208.68.240.115) port 80 (#2)
29/11/2018 09:59:42			[http_debug] [ID#1] Sent header to server: GET /download.php?xml=1 HTTP/1.1
					User-Agent: BOINC client (windows_x86_64 6.10.18)
					Host: boinc.berkeley.edu
					Accept: */*
					Accept-Encoding: deflate, gzip
					Content-Type: application/x-www-form-urlencoded
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: HTTP/1.1 100 Continue
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: HTTP/1.1 301 Moved Permanently
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: Date: Thu, 29 Nov 2018 08:59:42 GMT
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: Server: Apache/2.2.15 (Scientific Linux)
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: Location: https://boinc.berkeley.edu/download.php?xml=1
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: Content-Length: 347
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: Connection: close
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: Content-Type: text/html; charset=iso-8859-1
29/11/2018 09:59:43			[http_debug] [ID#1] Received header from server: 
29/11/2018 09:59:43			[http_debug] [ID#1] info: Expire cleared
29/11/2018 09:59:43			[http_debug] [ID#1] info: Closing connection #2
29/11/2018 09:59:43			[http_debug] [ID#1] info: Issue another request to this URL: 'https://boinc.berkeley.edu/download.php?xml=1'
29/11/2018 09:59:43			[http_debug] [ID#1] info: timeout on name lookup is not supported
29/11/2018 09:59:43			[http_debug] [ID#1] info: About to connect() to boinc.berkeley.edu port 443 (#2)
29/11/2018 09:59:43			[http_debug] [ID#1] info:   Trying 208.68.240.115... 
29/11/2018 09:59:43			[http_debug] [ID#1] info: Connected to boinc.berkeley.edu (208.68.240.115) port 443 (#2)
29/11/2018 09:59:43			[http_debug] [ID#1] info: successfully set certificate verify locations:
29/11/2018 09:59:43			[http_debug] [ID#1] info:   CAfile: C:\Program Files\BOINC\ca-bundle.crt  CApath: none
29/11/2018 09:59:43			[http_debug] [ID#1] info: SSLv3, TLS handshake, Client hello (1):
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: HTTP/1.1 200 OK
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: Date: Thu, 29 Nov 2018 08:59:42 GMT
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: Server: Apache/2.2.15 (Scientific Linux)
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: Connection: close
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: Transfer-Encoding: chunked
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: Content-Type: text/xml
29/11/2018 09:59:43			[http_debug] [ID#0] Received header from server: 
29/11/2018 09:59:43			[http_debug] [ID#0] info: Expire cleared
29/11/2018 09:59:43			[http_debug] [ID#0] info: Closing connection #1
29/11/2018 09:59:43			[http_debug] [ID#1] info: SSLv3, TLS handshake, Server hello (2):
29/11/2018 09:59:43			[http_debug] [ID#1] info: SSLv3, TLS handshake, CERT (11):
29/11/2018 09:59:43			[http_debug] [ID#1] info: SSLv3, TLS alert, Server hello (2):
29/11/2018 09:59:43			[http_debug] [ID#1] info: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
29/11/2018 09:59:43			[http_debug] [ID#1] info: Expire cleared
29/11/2018 09:59:43			[http_debug] [ID#1] info: Closing connection #2
29/11/2018 09:59:43			[http_debug] HTTP error: SSL connect error
29/11/2018 09:59:44			Project communication failed: attempting access to reference site
29/11/2018 09:59:44			[http_debug] HTTP_OP::init_get(): http://www.google.com/
29/11/2018 09:59:44			[http_debug] HTTP_OP::libcurl_exec(): ca-bundle set
29/11/2018 09:59:44			[http_debug] [ID#2] info: Connection #0 seems to be dead!
29/11/2018 09:59:44			[http_debug] [ID#2] info: Closing connection #0
29/11/2018 09:59:44			[http_debug] [ID#2] info: timeout on name lookup is not supported
29/11/2018 09:59:44			[http_debug] [ID#2] info: About to connect() to www.google.com port 80 (#0)
29/11/2018 09:59:44			[http_debug] [ID#2] info:   Trying 216.58.207.228... 
29/11/2018 09:59:44			[http_debug] [ID#2] info: Connected to www.google.com (216.58.207.228) port 80 (#0)
29/11/2018 09:59:44			[http_debug] [ID#2] Sent header to server: GET / HTTP/1.1
					User-Agent: BOINC client (windows_x86_64 6.10.18)
					Host: www.google.com
					Accept: */*
					Accept-Encoding: deflate, gzip
					Content-Type: application/x-www-form-urlencoded
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: HTTP/1.1 200 OK
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Date: Thu, 29 Nov 2018 08:59:43 GMT
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Expires: -1
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Cache-Control: private, max-age=0
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Content-Type: text/html; charset=ISO-8859-1
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Content-Encoding: gzip
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Server: gws
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Content-Length: 5254
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: X-XSS-Protection: 1; mode=block
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: X-Frame-Options: SAMEORIGIN
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Set-Cookie: 1P_JAR=2018-11-29-08; expires=Sat, 29-Dec-2018 08:59:43 GMT; path=/; domain=.google.com
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: Set-Cookie: NID=148=KbgYurj5D3yWqZxGYBRCgLwafDv6VrfDcrWx2Zt6MKVXphNgNo3BEFk5LfALm-tXd3st5IC8tmOIEDKjE3asItE_Jmp9BC1G0bnauhk8i0SPeXdwh50TGOLp3S1oG9AvYPzdsOPTszkEiXDSZ6wFZqV02SBOkxlQcKM2n4cQjhM; expires=Fri, 
29/11/2018 09:59:44			[http_debug] [ID#2] Received header from server: 
29/11/2018 09:59:44			[http_debug] [ID#2] info: Expire cleared
29/11/2018 09:59:44			[http_debug] [ID#2] info: Connection #0 to host www.google.com left intact
29/11/2018 09:59:45			Internet access OK - project servers may be temporarily down.
29/11/2018 09:59:47	SETI@home	Scheduler request completed


I get the same error on scheduler requests to WUProp@Home, so it's not SETI specific.

All I found about SSL errors and BOINC was outdated ca-bundle.crt, so I have updated my to this one: https://raw.githubusercontent.com/BOINC/boinc/master/curl/ca-bundle.crt, but it didn't help.

Is my BOINC client to old? I'm using 6.10.18 on Win10 64-bit, which is my favourite version for CPU-only hosts.
ID: 1967695 · Report as offensive
rob smith Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer moderator
Volunteer tester

Send message
Joined: 7 Mar 03
Posts: 22158
Credit: 416,307,556
RAC: 380
United Kingdom
Message 1967700 - Posted: 29 Nov 2018, 12:44:08 UTC

Yes your version of BOINC is "old", but others are running similar age versions.
I think the big issue is that you appear to be using HTTP instead of HTTPS at the head of the urls, and many sites are no longer accepting the less secure version (HTTP).
Bob Smith
Member of Seti PIPPS (Pluto is a Planet Protest Society)
Somewhere in the (un)known Universe?
ID: 1967700 · Report as offensive
Profile Link
Avatar

Send message
Joined: 18 Sep 03
Posts: 834
Credit: 1,807,369
RAC: 0
Germany
Message 1967703 - Posted: 29 Nov 2018, 13:00:46 UTC - in response to Message 1967700.  
Last modified: 29 Nov 2018, 13:20:59 UTC

Well, the site actually accepts it, everything works fine, it's just the BOINC client annoying me (and the google servers) with unnecessary internet connection tests and messages in the log. On downloads and uploads there are no error messages at all, just on scheduler requests.

On the Join-Page the project URL is http://setiathome.berkeley.edu/, so not https. Same on WUProp@Home, where only clients starting from version 7.2 should use https, all older versions should use http.

Maybe I should try to reattach? Will try that on WUProp when the current WU finishes.
ID: 1967703 · Report as offensive
Richard Haselgrove Project Donor
Volunteer tester

Send message
Joined: 4 Jul 99
Posts: 14649
Credit: 200,643,578
RAC: 874
United Kingdom
Message 1967715 - Posted: 29 Nov 2018, 14:31:04 UTC

There's a problem distinguishing between the public-facing web urls (of which some projects have at least two), and the single 'Master' url which you should end up attached to.

If you attach via BOINC Manager, it sends out a call to https://setiathome.berkeley.edu/get_project_config.php, and receives the answer

<master_url>http://setiathome.berkeley.edu/</master_url>
Having done that, it makes a separate call to get the scheduler url, and should receive the answer

<scheduler_url>http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi</scheduler_url>
Both of these are automatic, and you shouldn't attempt to change them.

Things can go wrong if you attach via the command line (boinccmd) or an Account Manager: in that case, you should check manually with get_project_config.php, as in my link above. If your current master and scheduler are as shown above, there's no point in re-attaching.
ID: 1967715 · Report as offensive
Profile Link
Avatar

Send message
Joined: 18 Sep 03
Posts: 834
Credit: 1,807,369
RAC: 0
Germany
Message 1967727 - Posted: 29 Nov 2018, 15:49:54 UTC - in response to Message 1967715.  

<master_url>http://setiathome.berkeley.edu/</master_url>

<scheduler_url>http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi</scheduler_url>

Thanks, that's exactly what I have in my client_state.xml, so that's not the problem then. But what else can it be?
ID: 1967727 · Report as offensive
Juha
Volunteer tester

Send message
Joined: 7 Mar 04
Posts: 388
Credit: 1,857,738
RAC: 0
Finland
Message 1967783 - Posted: 29 Nov 2018, 19:02:28 UTC

You need to read the log more carefully. There's four connections in total.

1. http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi

To upload results.

2. http://boinc.berkeley.edu/download.php?xml=1

To fetch version list. http://boinc.berkeley.edu/* is redirected to https://boinc.berkeley.edu/*

3. https://boinc.berkeley.edu/download.php?xml=1

Which fails because you have too old client and it doesn't support modern crypto algorithms.

4. http://www.google.com/

To test if your network connection is down.

You can change what the client does with settings like <dont_contact_ref_site> and <client_version_check_url>. In your client version both go to cc_config.xml
ID: 1967783 · Report as offensive
Profile Link
Avatar

Send message
Joined: 18 Sep 03
Posts: 834
Credit: 1,807,369
RAC: 0
Germany
Message 1967982 - Posted: 30 Nov 2018, 9:05:34 UTC - in response to Message 1967783.  

OK, <dont_contact_ref_site> removes all unwanted messages, I thought it will remove just the one for internet connection test. Maybe not a perfect solution, but it works. Thank you.
ID: 1967982 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 20140
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1968008 - Posted: 30 Nov 2018, 12:47:37 UTC

Possibly a silly guess...

Are the security certificates updated in your boinc client?

Or does your install of boinc use the system certificates?...

Or is the https being blocked by a firewall?


Happy cool crunchin',
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1968008 · Report as offensive
Profile Link
Avatar

Send message
Joined: 18 Sep 03
Posts: 834
Credit: 1,807,369
RAC: 0
Germany
Message 1968026 - Posted: 30 Nov 2018, 14:53:31 UTC - in response to Message 1968008.  
Last modified: 30 Nov 2018, 14:56:07 UTC

Are the security certificates updated in your boinc client?

Yes, to this: https://raw.githubusercontent.com/BOINC/boinc/master/curl/ca-bundle.crt

Or does your install of boinc use the system certificates?...

Not on Windows AFAIK.

Or is the https being blocked by a firewall?

I'll delete the current rules for BOINC next time I reboot the system and let the firewall create new ones when BOINC starts. I don't think so since this is outgoing connection and all other traffic over HTTPS works fine, but I'll give it a try. But IIRC the rules are just for remote access to the BOINC client...
ID: 1968026 · Report as offensive

Message boards : Number crunching : SSL connect error on scheduler request


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.