painless-security / trust-router

Moonshot Trust Router

"Connection reset by peer" Error When Authenticating #16

Open jennifer-richards opened 6 years ago

jennifer-richards commented 6 years ago

Occasionally, we get a "Connection reset by peer" when authenticating. This has only happened (so far) in cases where subsequent authentications work, so it may have to do with state priming and/or the potential failure is close to completing the authentication.

Subsequent attempts work.

Here is a section of the log where it happens:

Opening TIDC connection to tr.qa.painless-security.com:0
Waking up in 0.3 seconds.
gss_connect: Connecting to host 'tr.qa.painless-security.com' on port 12309
Waking up in 0.4 seconds.
Waking up in 0.7 seconds.
Waking up in 1.1 seconds.
Waking up in 1.6 seconds.
Waking up in 2.5 seconds.
tidc_fwd_request: Sending TID request:

{"msg_type": "tid_request", "msg_body": {"rp_realm": "yankees.com", "dh_info": {"dh_p": "…", "dh_g": "02", "dh_pub_key": "…"}, "target_realm": "is.evil4.us", "community": "ov-apc.communities.moonshot.ja.net"}}

ReadBuffer failed: Connection reset by peer (err = 104)
ReadToken failed: Connection reset by peer (err = 104)
ReadToken failed: Connection reset by peer (err = 104)
Error in tidc_send_request, rc = -1.
(7) suffix: No such realm "is.evil4.us"

Launchpad Details: #LP1694466 Mark Donnelly - 2017-05-30 15:31:20 +0000
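
Added example, not part of the original report or the Trust Router code: a small log triage script that groups debug output into TIDC attempts and flags those that failed with err = 104 but were followed by a clean attempt for the same realm, which is the pattern described above. The sample log is constructed (hosts and realms are placeholders), and treating an attempt with no `tidc_send_request` error line as successful is an assumption.

```python
import re

# Constructed sample modelled on the excerpt in the report; JSON bodies shortened.
SAMPLE_LOG = """\
Opening TIDC connection to tr.example.org:0
tidc_fwd_request: Sending TID request:
{"msg_type": "tid_request", "msg_body": {"rp_realm": "rp.example", "target_realm": "idp.example"}}
ReadBuffer failed: Connection reset by peer (err = 104)
ReadToken failed: Connection reset by peer (err = 104)
Error in tidc_send_request, rc = -1.
(7) suffix: No such realm "idp.example"
Opening TIDC connection to tr.example.org:0
tidc_fwd_request: Sending TID request:
{"msg_type": "tid_request", "msg_body": {"rp_realm": "rp.example", "target_realm": "idp.example"}}
"""

OPEN = re.compile(r"Opening TIDC connection to (\S+):\d+")
REALM = re.compile(r'"target_realm":\s*"([^"]+)"')
RESET = re.compile(r"Connection reset by peer \(err = 104\)")
FAIL = re.compile(r"Error in tidc_send_request, rc = (-?\d+)")

def tid_attempts(log_text):
    """Split the log into one record per 'Opening TIDC connection' line."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if (m := OPEN.search(line)):
            # Assumption: rc stays 0 unless an explicit error line follows.
            cur = {"host": m.group(1), "realm": None, "resets": 0, "rc": 0}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first TIDC connection
        elif (m := REALM.search(line)):
            cur["realm"] = m.group(1)
        elif RESET.search(line):
            cur["resets"] += 1
        elif (m := FAIL.search(line)):
            cur["rc"] = int(m.group(1))
    return attempts

def reset_failures(attempts):
    """Return (host, realm, later_attempt_ok) for each attempt that was reset."""
    out = []
    for i, a in enumerate(attempts):
        if a["resets"] and a["rc"] != 0:
            ok = any(b["realm"] == a["realm"] and b["rc"] == 0 and not b["resets"]
                     for b in attempts[i + 1:])
            out.append((a["host"], a["realm"], ok))
    return out
```

A `later_attempt_ok` value of `False` marks a reset that was never followed by a working attempt in the same log, which is a different failure from the intermittent one reported here.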

jennifer-richards commented 6 years ago

A small discussion about this can be found at https://github.com/painless-security/moonshot-portal/issues/775, where it was originally reported.

Launchpad Details: #LPC Mark Donnelly - 2017-05-30 15:32:04 +0000

alejandro-perez commented 6 years ago

This should've been fixed with the TR rekeying support that I implemented in FR and that was accepted upstream and shipped in version 3.0.16. See my comment on painless-security/moonshot-portal#775