Informix

  • 1.  Connection Manager error messages

    IBM Champion
    Posted Wed February 07, 2024 04:17 PM

    Am I the only one annoyed by this? When an SSL connection to the CM fails, you get messages like this:

    09:27:34 listener accept new fd failed:network error = -28014 cannot initialize GSKit secure socket/GSK_ERROR_SOCKET_CLOSED (GSKit:420)
    09:33:17 listener accept new fd failed:network error = -28014 cannot initialize GSKit secure socket/GSK_ERROR_SOCKET_CLOSED (GSKit:420)
    09:42:58 listener accept new fd failed:network error = -28014 cannot initialize GSKit secure socket/GSK_ERROR_SOCKET_CLOSED (GSKit:420)
    09:50:14 listener accept new fd failed:network error = -28014 cannot initialize GSKit secure socket/GSK_ERROR_SOCKET_CLOSED (GSKit:420)
    09:54:34 listener accept new fd failed:network error = -28014 cannot initialize GSKit secure socket/GSK_ERROR_SOCKET_CLOSED (GSKit:420)


    Now, I happen to know from experience that the error means the client doesn't like the CM's trust chain certificate and is closing the connection because of it, but that's beside the point. The point is, who's the client? The CM isn't bothering to tell us. What SLA are they trying to connect to? CM can't be bothered to tell us that, either. Not even if you set DEBUG=9, by the way.

    What's frustrating is that if you set LOG=1 and the connection is successful, the CM does give you this information, so it's clear that it has it. But on a failed connection it doesn't give you any of that information. It would be super useful to track down the offender and fix them or at least stop them trying to connect. But I've got no way to know. All I know is that someone, somewhere, is failing.

    I've got to think this would take all of ten minutes to fix. I opened a feature request for this a couple of years ago but it went nowhere.

    /EndRant



    ------------------------------
    TOM GIRSCH
    ------------------------------


  • 2.  RE: Connection Manager error messages

    IBM Champion
    Posted 13 days ago

    Hi,

    I know security people do not like to log information on connection failures for fear of giving information to an attacker!

    Log a new feature request and I will upvote it.


    Regards,
    David.



    ------------------------------
    David Williams
    ------------------------------



  • 3.  RE: Connection Manager error messages

    IBM Champion
    Posted 11 days ago
    The information would go to the CM log file, not back to the attacking session. Anyway, here it is, labeled as "future consideration"






  • 4.  RE: Connection Manager error messages

    IBM Champion
    Posted 11 days ago

    Hi Tom,

    I'd consider this a defect and logged it as on - feel free to 'push' it through a case if important to you.

    BR,

     Andreas



    ------------------------------
    Andreas Legner
    ------------------------------



  • 5.  RE: Connection Manager error messages

    IBM Champion
    Posted 10 days ago
    I've reported this in the past in conjunction with other cases, but my concern was dismissed as "expected behavior."





  • 6.  RE: Connection Manager error messages

    IBM Champion
    Posted 5 days ago

    Hi,


    Voted for, log a case anyway and ask for Andreas to be notified.


    Regards,
    David.



    ------------------------------
    David Williams
    ------------------------------