Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

skale ssl check broken on Ubuntu 22.04 #826

Open
OleksanderSalamatov opened this issue Jan 30, 2025 · 0 comments
Open

skale ssl check broken on Ubuntu 22.04 #826

OleksanderSalamatov opened this issue Jan 30, 2025 · 0 comments
Assignees
@badrogger

Comments

@OleksanderSalamatov
Copy link

Describe the bug
skale ssl check broken on Ubuntu 22.04 because of binary imitating skaled is incompatible with new version of Ubuntu

Versions
Ubuntu 22.04
node-cli: 2.6.0-beta.3

To Reproduce
run skale ssl check on Ubuntu 22.04 (optional: have ssl cert on node)

Expected behavior
ssl check passed (or failed, if node do not have certs uploaded)

Actual behavior

/tmp/_MEItXgVg5/data/datafiles/skaled-ssl-test: error while loading shared libraries: libSegFault.so: cannot open shared object file: No such file or directory

Additional context
Full log

[2025-01-30 19:26:12,744 INFO] node_cli.core.ssl.check:110 - MainThread - Staring healthcheck server on port 4536 ...
[2025-01-30 19:26:12,744 DEBUG] node_cli.core.ssl.utils:50 - MainThread - Starting detached subprocess: ['openssl', 's_server', '-cert', '/root/.skale/node_data/ssl/ssl_cert', '-cert_chain', '/root/.skale/node_data/ssl/ssl_cert', '-key', '/root/.skale/node_data/ssl/ssl_key', '-WWW', '-accept', '127.0.0.1:4536', '-verify_return_error', '-verify', '1']
[2025-01-30 19:26:13,745 INFO] node_cli.core.ssl.check:87 - MainThread - Server successfully started
[2025-01-30 19:26:13,746 INFO] node_cli.core.ssl.check:188 - MainThread - Checking healthcheck endpoint ...
[2025-01-30 19:26:13,746 INFO] node_cli.core.ssl.check:196 - MainThread - Connecting to public ssl endpoint 127.0.0.1:4536 ...
[2025-01-30 19:26:13,747 DEBUG] node_cli.core.ssl.utils:50 - MainThread - Starting detached subprocess: ['openssl', 's_client', '-connect', '127.0.0.1:4536', '-verify_return_error', '-verify', '2']
[2025-01-30 19:26:14,749 DEBUG] node_cli.core.ssl.utils:63 - MainThread - Detached process ['openssl', 's_client', '-connect', '127.0.0.1:4536', '-verify_return_error', '-verify', '2'] output:
verify depth is 2
Can't use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R10
verify return:1
depth=0 CN = regression-node1t.skaleserver.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = regression-node1t.skaleserver.com
   i:C = US, O = Let's Encrypt, CN = R10
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 30 18:23:04 2025 GMT; NotAfter: Apr 30 18:23:03 2025 GMT
 1 s:CN = regression-node1t.skaleserver.com
   i:C = US, O = Let's Encrypt, CN = R10
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 30 18:23:04 2025 GMT; NotAfter: Apr 30 18:23:03 2025 GMT
 2 s:C = US, O = Let's Encrypt, CN = R10
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISBJ9lNthZOY7aN8u27IHd8RHcMA0GCSqGSIb3DQEBCwUA
MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
EwNSMTAwHhcNMjUwMTMwMTgyMzA0WhcNMjUwNDMwMTgyMzAzWjAsMSowKAYDVQQD
EyFyZWdyZXNzaW9uLW5vZGUxdC5za2FsZXNlcnZlci5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC6T7j/vDpfOUNc8sTsQJ6W0JcZmacSjfj4wOfm
qZgAzYeexp1bPjaV1iLmhaWYgDIpHgEx+7xuVf67tr9to2p+k+CbcfTQJncUGRa+
kcLYHS6l5MBipK8CeV1llMBXjkKvsLDkg46GuWrM5kh4yzVFH9dWPFebLgNkqoE2
Ct2SSyU6eAU5bo0arrS+KDazTzfYHVsEB2DD3nl3ldTSGfN3r/SbXfgekxJG5Hw7
XhlG1pzOZXFR2V5U5oJ/4SQKsxxzM1donnLQy3fAPSX7LUK2qaNVAq1d7suS7xSv
L3bdTxY8ye4GtiriswQlsYAmsaMRshHD+T2rZO6csYINa5OVAgMBAAGjggIkMIIC
IDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFN9I2M87CRaNbfrSR5Q61UYBoawpMB8G
A1UdIwQYMBaAFLu8w0el5LypxsOkcgwQjaI14cjoMFcGCCsGAQUFBwEBBEswSTAi
BggrBgEFBQcwAYYWaHR0cDovL3IxMC5vLmxlbmNyLm9yZzAjBggrBgEFBQcwAoYX
aHR0cDovL3IxMC5pLmxlbmNyLm9yZy8wLAYDVR0RBCUwI4IhcmVncmVzc2lvbi1u
b2RlMXQuc2thbGVzZXJ2ZXIuY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBAwYK
KwYBBAHWeQIEAgSB9ASB8QDvAHUAzxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJb
d87MOwgAAAGUuKlb3QAABAMARjBEAiAtrNyf35cj9PubnIPuWMING0mYO7JDhLxk
32vo3oEAyAIgUdgI1qHAC+g4oo17VBzUPyNCmZ8e1lQbRc/BR7jXo8IAdgDgkrP8
DB3I52g2H95huZZNClJ4GYpy1nLEsE2lbW9UBAAAAZS4qVvKAAAEAwBHMEUCIQD0
anFie19EAQyWnSa2mdDANUVPbQEax7koihbTo80XUwIgO9Clrz7JYfZQs0pn8OJ2
xZh1v4A1hG476/L/L0SewekwDQYJKoZIhvcNAQELBQADggEBAJTzJ7Bnd1GSAr0H
l3G4LnqLF7h/NKgVl7sD+WAZEH/sv2TkxI0T+obHgMi9l44pKYefxKRe+gnMprTx
dOO6napJ8UuDoa+NVKmdhPm7a4VSvrSIwOXdkZdBX7FZoxTnetY9x/r79YizsOfa
bYhGrkwgjV0Nije7P1K/tw3cVsIhH8nPCB9dG0qivQsm9d7GK3u+rir9eMhQ8hFP
nbwekrQUIpR7F13MTuh2eAi/1mkNGwTZw3DUk5gOtQtPm2qoROz7dcDulAzEnNMm
4Pf2WKv6ofyLPo79Qis9V4wC13osWdYmk84E+WZPxsCMQfE6gXOO05V1q919FsJq
MfgthN0=
-----END CERTIFICATE-----
subject=CN = regression-node1t.skaleserver.com
issuer=C = US, O = Let's Encrypt, CN = R10
---
No client certificate CA names sent
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4524 bytes and written 407 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

[2025-01-30 19:26:14,750 INFO] node_cli.core.ssl.check:96 - MainThread - Healthcheck connection passed
[2025-01-30 19:26:14,751 DEBUG] node_cli.core.ssl.utils:63 - MainThread - Detached process ['openssl', 's_server', '-cert', '/root/.skale/node_data/ssl/ssl_cert', '-cert_chain', '/root/.skale/node_data/ssl/ssl_cert', '-key', '/root/.skale/node_data/ssl/ssl_key', '-WWW', '-accept', '127.0.0.1:4536', '-verify_return_error', '-verify', '1'] output:
verify depth is 1
Using default temp DH parameters
ACCEPT
40775C43567F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:322:

[2025-01-30 19:26:14,751 DEBUG] node_cli.core.ssl.utils:50 - MainThread - Starting detached subprocess: ['/tmp/_MEItXgVg5/data/datafiles/skaled-ssl-test', '--ssl-cert', '/root/.skale/node_data/ssl/ssl_cert', '--ssl-key', '/root/.skale/node_data/ssl/ssl_key', '--bind', '127.0.0.1', '--port', '4536']
[2025-01-30 19:26:15,752 INFO] node_cli.core.ssl.check:147 - MainThread - Skaled https check server successfully started
[2025-01-30 19:26:15,752 DEBUG] node_cli.core.ssl.utils:63 - MainThread - Detached process ['/tmp/_MEItXgVg5/data/datafiles/skaled-ssl-test', '--ssl-cert', '/root/.skale/node_data/ssl/ssl_cert', '--ssl-key', '/root/.skale/node_data/ssl/ssl_key', '--bind', '127.0.0.1', '--port', '4536'] output:
/tmp/_MEItXgVg5/data/datafiles/skaled-ssl-test: error while loading shared libraries: libSegFault.so: cannot open shared object file: No such file or directory

[2025-01-30 19:26:15,753 DEBUG] node_cli.core.ssl.utils:50 - MainThread - Starting detached subprocess: ['/tmp/_MEItXgVg5/data/datafiles/skaled-ssl-test', '--ssl-cert', '/root/.skale/node_data/ssl/ssl_cert', '--ssl-key', '/root/.skale/node_data/ssl/ssl_key', '--bind', '127.0.0.1', '--port', '4536', '--proto', 'wss', '--echo']
[2025-01-30 19:26:19,754 ERROR] node_cli.core.ssl.check:174 - MainThread - Skaled wss check server was failed to start
[2025-01-30 19:26:19,755 DEBUG] node_cli.core.ssl.utils:63 - MainThread - Detached process ['/tmp/_MEItXgVg5/data/datafiles/skaled-ssl-test', '--ssl-cert', '/root/.skale/node_data/ssl/ssl_cert', '--ssl-key', '/root/.skale/node_data/ssl/ssl_key', '--bind', '127.0.0.1', '--port', '4536', '--proto', 'wss', '--echo'] output:
/tmp/_MEItXgVg5/data/datafiles/skaled-ssl-test: error while loading shared libraries: libSegFault.so: cannot open shared object file: No such file or directory

[2025-01-30 19:26:19,755 ERROR] node_cli.core.ssl.check:63 - MainThread - Certificate/key pair is incorrect for skaled
Traceback (most recent call last):
  File "node_cli/core/ssl/check.py", line 58, in check_cert
  File "node_cli/core/ssl/check.py", line 127, in check_cert_skaled
  File "node_cli/core/ssl/check.py", line 175, in run_skaled_wss_healthcheck
node_cli.core.ssl.check.SSLHealthcheckError: Skaled wss check was failed
[2025-01-30 19:27:02,205 DEBUG] __main__:117 - MainThread - cmd: /usr/local/bin/skale lvmpy heal --yes, v.2.6.0
@OleksanderSalamatov OleksanderSalamatov added the bug Something isn't working label Jan 30, 2025
@DmytroNazarenko DmytroNazarenko removed the bug Something isn't working label Jan 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@badrogger badrogger

Labels
None yet
Projects
SKALE Engineering 🚀
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@badrogger @DmytroNazarenko @OleksanderSalamatov