[Box Backup] EVP Error while running bbackupd

Ben Summers boxbackup@fluffy.co.uk
Tue, 21 Dec 2004 17:40:20 +0000


It sounds like when you replaced the certificates, you also replaced 
the key file. Since the account on the server had already been used 
with a setup with a different key file, when it attempted to download 
information it failed to decrypt it.

Detection of this issue and a nice warning message explaining what's 
happened will appear in the next version.

Remember, if you get the wrong key file, you can't access your backups. 
The setup utilities aren't joking when they say you need to take a 
proper backup of that file. The certificates can be replaced, the key 
file cannot.

I'm glad it's all working now.

Ben




On 21 Dec 2004, at 17:33, Peter Buecker wrote:

> Hello Ben,
>
> 1) The time was not synchronised between client and server (also CA), 
> when I set up the client and the server. It was like one hour off. 
> After correcting the time, the probem was not yet solved.
>
> 2) Only host3 had been setup to use account 0x3. I tried using a 
> different random account number (0x3039) with new keys, which finally 
> succeeded. Then, I went back to the old account-number, which now 
> works.
>
> So this means that I have to resign the keys when the time was not in 
> sync in the first place? I read about how important time-sync was in 
> the documentation, but did not realise that it is necessary to resign 
> the keys.
>
> Thanks for your help and the great piece of software!
>
> Peter Buecker
>
> Ben Summers wrote:
>> 1) Check that the times are syncronised between client, server and 
>> the machine which signed the certificates.
>> 2) Check that you haven't accidently tried to use the same account 
>> number on two machines.
>> Ben
>> On 21 Dec 2004, at 15:35, Peter Buecker wrote:
>>> Hello,
>>>
>>> I recently installed boxbackup-0.09 on a OpenBSD-3.6-stable system 
>>> (called backup-server here). I set up 7 backup-clients. However, 
>>> only 6 work as expected.
>>>
>>> When running bbackupd on the remaining one (host3), bbackupd 
>>> complains about failing to decrypt (via syslog):
>>>
>>> "Dec 21 16:31:11 host3 bbackupd[13553]: SSL err during Read: 
>>> error:06065064:digital envelope routines:EVP_DecryptFinal:bad 
>>> decrypt
>>> Dec 21 16:31:11 host3 bbackupd[13553]: SSL err during Read: 
>>> error:06065064:digital envelope routines:EVP_DecryptFinal:bad 
>>> decrypt
>>> Dec 21 16:31:11 host3 bbackupd[13553]: Exception caught (5/6), reset 
>>> state and waiting to retry..."
>>>
>>> At the same time, the backup-server logs the following:
>>> "Dec 21 16:31:11 backup-server bbstored[1147]: in server child, 
>>> exception Connection Protocol_Timeout (Probably a network issue 
>>> between client and server.) (7/41) -- terminating child"
>>>
>>>
>>>
>>> The certificate request for host3 has been signed on backup-server 
>>> and copied to /etc/box/bbackupd/ on host3 in the same way we did it 
>>> on the other 6 hosts.
>>> Connectivity is okay, since I can telnet to port 2201 on 
>>> backup-server from host3. I can also run bbackupquery on host3. It 
>>> logs in perfectly:
>>>
>>> "bash-3.00# bbackupquery
>>> Box Backup Query Tool v0.09, (c) Ben Summers 2003, 2004
>>> Using configuration file /etc/box/bbackupd.conf
>>> Connecting to store...
>>> Handshake with store...
>>> Login to store...
>>> Login complete.
>>>
>>> Type "help" for a list of commands.
>>>
>>> query >"
>>>
>>> Upon typing 'ls', it exits with the following error message:
>>>
>>> "query > ls
>>> Exception: Cipher EVPFinalFailure (5/6)
>>> bash-3.00#"
>>>
>>> I tried using the debug-build of bbackupquery and bbackupd, to no 
>>> avail. I also deleted /etc/box and rerun bbackupd-config to generate 
>>> new keys and new configuration files, without success.
>>> Any suggestions on what might be going wrong with this machine?
>>>
>>> Thanks,
>>> Peter Buecker
>
> _______________________________________________
> boxbackup mailing list
> boxbackup@fluffy.co.uk
> http://lists.warhead.org.uk/mailman/listinfo/boxbackup
>