[Pkg-cups-devel] Bug#633080: cups: TLS encryption not working
Ian Zimmerman
itz at ahiker.homeip.net
Fri Jul 8 06:59:32 UTC 2011
Package: cups
Version: 1.4.6-9
Severity: normal
*** Please type your report below this line ***
Trying to print with the lp command line client from a remote host
over SSL, I get this on the client:
lp: Error - scheduler not responding!
and this in the server error log:
E [07/Jul/2011:23:08:18 -0700] Unable to encrypt connection from 192.168.1.101 - A record packet with illegal version was received.
E [07/Jul/2011:23:08:18 -0700] Unable to encrypt connection from 192.168.1.101 - A record packet with illegal version was received.
(there seem to be 2 such logs for each of my connection attempts).
my cupsd.conf should be attached.
P.S. I tried regenerating the keys (after removing them) with
make-ssl-cert generate-default-snakeoil
no effect on the problem.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.39-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cups depends on:
ii adduser 3.113 add and remove users and groups
ii bc 1.06.95-2 The GNU bc arbitrary precision cal
ii cups-client 1.4.6-9 Common UNIX Printing System(tm) -
ii cups-common 1.4.6-9 Common UNIX Printing System(tm) -
ii cups-ppdc 1.4.6-9 Common UNIX Printing System(tm) -
ii debconf [debconf-2.0] 1.5.40 Debian configuration management sy
ii ghostscript 9.02~dfsg-2 interpreter for the PostScript lan
ii libavahi-client3 0.6.30-3 Avahi client library
ii libavahi-common3 0.6.30-3 Avahi common library
ii libc6 2.13-7 Embedded GNU C Library: Shared lib
ii libcups2 1.4.6-9 Common UNIX Printing System(tm) -
ii libcupscgi1 1.4.6-9 Common UNIX Printing System(tm) -
ii libcupsdriver1 1.4.6-9 Common UNIX Printing System(tm) -
ii libcupsimage2 1.4.6-9 Common UNIX Printing System(tm) -
ii libcupsmime1 1.4.6-9 Common UNIX Printing System(tm) -
ii libcupsppdc1 1.4.6-9 Common UNIX Printing System(tm) -
ii libdbus-1-3 1.4.12-2 simple interprocess messaging syst
ii libgcc1 1:4.6.1-1 GCC support library
ii libgnutls26 2.10.5-2 the GNU TLS library - runtime libr
ii libgssapi-krb5-2 1.9.1+dfsg-1 MIT Kerberos runtime libraries - k
ii libijs-0.35 0.35-7 IJS raster image transport protoco
ii libkrb5-3 1.9.1+dfsg-1 MIT Kerberos runtime libraries
ii liblcms1 1.18.dfsg-1.2+b4 Color management library
ii libldap-2.4-2 2.4.25-1+b1 OpenLDAP libraries
ii libpam0g 1.1.3-2 Pluggable Authentication Modules l
ii libpaper1 1.1.24+nmu1 library for handling paper charact
ii libpoppler5 0.12.4-1.2 PDF rendering library
ii libslp1 1.2.1-7.8 OpenSLP libraries
ii libstdc++6 4.6.1-1 GNU Standard C++ Library v3
ii libusb-0.1-4 2:0.1.12-17 userspace USB programming library
ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
ii poppler-utils 0.12.4-1.2 PDF utilitites (based on libpopple
ii procps 1:3.2.8-10 /proc file system utilities
ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL
ii ttf-freefont 20100919-1 Freefont Serif, Sans and Mono True
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages cups recommends:
pn avahi-daemon <none> (no description available)
pn cups-driver-gutenprint <none> (no description available)
pn foomatic-filters <none> (no description available)
ii ghostscript-cups 9.02~dfsg-2 interpreter for the PostScript lan
Versions of packages cups suggests:
pn cups-bsd <none> (no description available)
pn cups-pdf <none> (no description available)
pn foomatic-db-compressed-ppds | <none> (no description available)
pn hplip <none> (no description available)
pn smbclient <none> (no description available)
ii udev 171-1 /dev/ and hotplug management daemo
-- Configuration Files:
/etc/cups/cupsd.conf changed:
LogLevel warn
MaxLogSize 0
SystemGroup lpadmin
ServerKey /etc/cups/ssl/server.key
ServerCertificate /etc/cups/ssl/server.crt
Listen /var/run/cups/cups.sock
SSLListen 0.0.0.0:631
Browsing Off
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
DefaultAuthType Basic
<Location />
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
<Policy default>
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
-- debconf information:
cupsys/raw-print: true
cupsys/backend: ipp, lpd, parallel, scsi, serial, socket, usb, snmp, dnssd
More information about the Pkg-cups-devel
mailing list