CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: error -12281

well.. . the error is from mod_ssl, but I agree that it is unhelpful (try searching google for "\x80g\x01\x03"). We're putting all of this in our faq so other users with the same mod_ssl problem will hopefully be able to find an answer easily.

In fact, I'm putting it in our faq ... right ... this ... very ... minute. :)


On Mar 17, 2004, at 8:12 PM, Sam Noble wrote:

	Fair enough. If I restrict my HTTP queries to using https I don't
get any remarkable error numbers. In fact, things seem to be working
relatively smoothly. helloCosign is reaffirming my identity (isn't that
always nice? :))

	Thanks. I guess that cosign protected services need to simply
reject non-ssl queries to avoid this most unhelpful error.

On Wed, Mar 17, 2004 at 06:11:49PM -0500, kevin mcgowan wrote:
This line: - - [17/Mar/2004:14:30:21 -0800] "\x80g\x01\x03" 200 4779

suggests maybe a client is trying to talk https on a non-encrypted port. and the line before it says:

which suggests the same thing. Are you trying to host a cosign service
over http? This is definitely something we've talked about enabling,
but it is precluded by default (since the cookie would be replayable
and easily sniffed).

One other thing is that the CosignService setting:

CosignService cosign-reed

doesn't need to include the "cosign-" since we'll append that. This
will prevent service names like 'cosign-cosign-reed.' This won't cause
any problems, of course, but it is worth knowing, I think.


On Mar 17, 2004, at 5:45 PM, Sam Noble wrote:

	Hopefully my problem is obvious, but I seem to have run into a
wall configuring cosign for my site.

	I don't know if this -12281 error is a Mozilla error code,
something apache understands, or something specific to cosign.
IE doesn't bother giving me an error code at all (in fact, I get the
page that looks like DNS problems from IE). Mozilla (well, firefox)
reports that " has sent an incorrect or unexpect
message" and then presents me with this error code.

	As best I can tell, I've followed the cosign installation

	I tried running cosignd in debug mode:

Something similar is shown on stdout whenever I try to access a cosign
protected page (and I get this -12281 error as well).

My apache 2 access_log looks like the following: - - [17/Mar/2004:14:30:20 -0800] "GET /test/test.html
HTTP/1.1" 302 403 - - [17/Mar/2004:14:30:20 -0800] "GET
sb8UjiE2aK7t50Kt6gWVrrrZqSi9W22+W9Sp4fSiYESEkV9NjHJPjonT394hbIzHlwaPQ G+
HTTP/1.1" 302 227 - - [17/Mar/2004:14:30:21 -0800] "\x80g\x01\x03" 200 4779

The error log doesn't seem to say a whole lot -- although once in a
I see:
[Wed Mar 17 14:27:37 2004] [error] [client] net_check: 3:
534 CHECK: Who me? Dunno.

These errors don't typically correspond to the major error I receive
whenever I try to look at a cosign protected page.

strace'ing the cosign daemon doesn't reveal any smoking guns.

I use the following in my httpd.conf:

CosignProtected On
CosignCrypto /var/cosign/certs/key.pem /var/cosign/certs/cert.pem
CosignService cosign-reed

And my (self-signed) ssl certs check out okay.

	Is there anything else I can/should take a look at to diagnose
my problem?

... "In, as you say, the mud." ...


... "In, as you say, the mud." ...

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010