Re: error 114

Vitezslav Cizek <vcizek@xxxxxxxx> · Thu, 3 Oct 2019 15:04:05 +0200

V Thu, 3 Oct 2019 06:32:48 -0600
<russellbell@xxxxxxxxx> napsáno:

> 	fetchmail fails when openssl reports an error 114 (I think)

Actually it doesn't.

> stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644,
> st_size=1354, ...}) = 0 openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0",
> O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
> read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1354
> read(4, "", 4096)                       = 0
> close(4)                                = 0
> stat("/etc/ssl/certs/4a6481c9.1", 0x7ffefc274100) = -1 ENOENT (No
> such file or directory) write(1, "fetchmail: SSL verify callback
> d"..., 71) = 71 write(1, "fetchmail: Certificate chain, fr"..., 70) =
> 70 write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Certificate at depth "..., 35) = 35
> write(1, "fetchmail: Issuer Organization: "..., 43) = 43
> write(1, "fetchmail: Issuer CommonName: Gl"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: G"..., 42) = 42
> write(1, "fetchmail: SSL verify callback d"..., 71) = 71
> write(1, "fetchmail: Server certificate:\n", 31) = 31
> write(1, "fetchmail: Issuer Organization: "..., 54) = 54
> write(1, "fetchmail: Issuer CommonName: GT"..., 41) = 41
> write(1, "fetchmail: Subject CommonName: p"..., 45) = 45
> write(1, "fetchmail: Subject Alternative N"..., 51) = 51
> write(1, "fetchmail: pop.gmail.com key fin"..., 90) = 90
> fstat(2, {st_mode=S_IFREG|0644, st_size=6732357, ...}) = 0
> write(2, "fetchmail: pop.gmail.com fingerp"..., 52) = 52
> write(3, "\25\3\3\0\2\2P", 7)           = 7
> write(2, "fetchmail: OpenSSL reported: err"..., 114) = 114
> 
> 	What is an error 114?

114 isn't an openssl error number, it's the amount of bytes the write()
syscall wrote.
Run strace -s1024 to get the whole error string. 

> 	Why does openssl look for
> /etc/ssl/certs/4a6481c9.1 ?  All the hashes for my certs end in .0

During c_rehash, if a certificate object has the same hash value as an
existing one, the last digit number is incremented to distinguish it.
So by looking for 4a6481c9.1, openssl is checking against a possible
conflict in the hashes.

> russell bell

  Vita

-- 
Vítězslav Čížek             Emergency Update Team (EMU)
                               "Consider it fixed."