transport: authentication handshake failed: remote error: tls: internal error

[sgielen]

*** RUFS encountered some issues showing this directory: ***
failed to readdir on peer sjors-charmander@rufs.hashru.nl, ignoring: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: remote error: tls: internal error"
failed to readdir on peer quis-t-x@rufs.hashru.nl, ignoring: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: remote error: tls: internal error"

[Jille]

We saw this happen while I was registering quis-t-x. sjors-charmander has misconfigured endpoints, so it points at the same host.

The fact that quis-t-x shows up here means it has a Connect stream open to the discovery server.

Our one hypothesis so far is that quis-t-x wasn't registered yet, so didn't have a single certificate in the TLS server on port 12010. However, that should've been impossible because we call content.SwapKeyPairs() before connecting to the new discovery server.

[Jille]

New hypothesis: The discovery server thought that quis-t-x was still connected because it was previously connected and there is no good way to detect that clients disconnected if we're not writing to the stream.

So this error was from before quis-t-x (re)connected to the discovery server, at which point it's WAI that the TLS server doesn't have certificates yet.

[Jille]

29 is solved, I think we're confident enough we understand we can close this.