SSL connect error on scheduler request

Author	Message
Link Send message Joined: 18 Sep 03 Posts: 834 Credit: 1,807,369 RAC: 0	Message 1967695 - Posted: 29 Nov 2018, 12:10:38 UTC Last modified: 29 Nov 2018, 12:11:09 UTC Hi, now that I have find a way to keep my "new" laptop at acceptable noise and temperature levels while crunching, I'm getting some SSL connect error on scheduler request. What's strange, the requests work fine, I just get the massage, that there was some problem. 29/11/2018 09:59:42 SETI@home Reporting 4 completed tasks, not requesting new tasks 29/11/2018 09:59:42 [http_debug] HTTP_OP::init_post(): http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi 29/11/2018 09:59:42 [http_debug] HTTP_OP::libcurl_exec(): ca-bundle set 29/11/2018 09:59:42 [http_debug] HTTP_OP::init_get(): http://boinc.berkeley.edu/download.php?xml=1 29/11/2018 09:59:42 [http_debug] HTTP_OP::libcurl_exec(): ca-bundle set 29/11/2018 09:59:42 [http_debug] [ID#0] info: timeout on name lookup is not supported 29/11/2018 09:59:42 [http_debug] [ID#0] info: About to connect() to setiboinc.ssl.berkeley.edu port 80 (#1) 29/11/2018 09:59:42 [http_debug] [ID#0] info: Trying 208.68.240.126... 29/11/2018 09:59:42 [http_debug] [ID#1] info: timeout on name lookup is not supported 29/11/2018 09:59:42 [http_debug] [ID#1] info: About to connect() to boinc.berkeley.edu port 80 (#2) 29/11/2018 09:59:42 [http_debug] [ID#1] info: Trying 208.68.240.115... 29/11/2018 09:59:42 [http_debug] [ID#0] info: Connected to setiboinc.ssl.berkeley.edu (208.68.240.126) port 80 (#1) 29/11/2018 09:59:42 [http_debug] [ID#0] Sent header to server: POST /sah_cgi/cgi HTTP/1.1 User-Agent: BOINC client (windows_x86_64 6.10.18) Host: setiboinc.ssl.berkeley.edu Accept: / Accept-Encoding: deflate, gzip Content-Type: application/x-www-form-urlencoded Content-Length: 26878 Expect: 100-continue 29/11/2018 09:59:42 [http_debug] [ID#0] info: Expire cleared 29/11/2018 09:59:42 [http_debug] [ID#1] info: Connected to boinc.berkeley.edu (208.68.240.115) port 80 (#2) 29/11/2018 09:59:42 [http_debug] [ID#1] Sent header to server: GET /download.php?xml=1 HTTP/1.1 User-Agent: BOINC client (windows_x86_64 6.10.18) Host: boinc.berkeley.edu Accept: / Accept-Encoding: deflate, gzip Content-Type: application/x-www-form-urlencoded 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: HTTP/1.1 100 Continue 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: HTTP/1.1 301 Moved Permanently 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: Date: Thu, 29 Nov 2018 08:59:42 GMT 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: Server: Apache/2.2.15 (Scientific Linux) 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: Location: https://boinc.berkeley.edu/download.php?xml=1 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: Content-Length: 347 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: Connection: close 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: Content-Type: text/html; charset=iso-8859-1 29/11/2018 09:59:43 [http_debug] [ID#1] Received header from server: 29/11/2018 09:59:43 [http_debug] [ID#1] info: Expire cleared 29/11/2018 09:59:43 [http_debug] [ID#1] info: Closing connection #2 29/11/2018 09:59:43 [http_debug] [ID#1] info: Issue another request to this URL: 'https://boinc.berkeley.edu/download.php?xml=1' 29/11/2018 09:59:43 [http_debug] [ID#1] info: timeout on name lookup is not supported 29/11/2018 09:59:43 [http_debug] [ID#1] info: About to connect() to boinc.berkeley.edu port 443 (#2) 29/11/2018 09:59:43 [http_debug] [ID#1] info: Trying 208.68.240.115... 29/11/2018 09:59:43 [http_debug] [ID#1] info: Connected to boinc.berkeley.edu (208.68.240.115) port 443 (#2) 29/11/2018 09:59:43 [http_debug] [ID#1] info: successfully set certificate verify locations: 29/11/2018 09:59:43 [http_debug] [ID#1] info: CAfile: C:\Program Files\BOINC\ca-bundle.crt CApath: none 29/11/2018 09:59:43 [http_debug] [ID#1] info: SSLv3, TLS handshake, Client hello (1): 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: HTTP/1.1 200 OK 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: Date: Thu, 29 Nov 2018 08:59:42 GMT 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: Server: Apache/2.2.15 (Scientific Linux) 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: Connection: close 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: Transfer-Encoding: chunked 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: Content-Type: text/xml 29/11/2018 09:59:43 [http_debug] [ID#0] Received header from server: 29/11/2018 09:59:43 [http_debug] [ID#0] info: Expire cleared 29/11/2018 09:59:43 [http_debug] [ID#0] info: Closing connection #1 29/11/2018 09:59:43 [http_debug] [ID#1] info: SSLv3, TLS handshake, Server hello (2): 29/11/2018 09:59:43 [http_debug] [ID#1] info: SSLv3, TLS handshake, CERT (11): 29/11/2018 09:59:43 [http_debug] [ID#1] info: SSLv3, TLS alert, Server hello (2): 29/11/2018 09:59:43 [http_debug] [ID#1] info: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm 29/11/2018 09:59:43 [http_debug] [ID#1] info: Expire cleared 29/11/2018 09:59:43 [http_debug] [ID#1] info: Closing connection #2 29/11/2018 09:59:43 [http_debug] HTTP error: SSL connect error 29/11/2018 09:59:44 Project communication failed: attempting access to reference site 29/11/2018 09:59:44 [http_debug] HTTP_OP::init_get(): http://www.google.com/ 29/11/2018 09:59:44 [http_debug] HTTP_OP::libcurl_exec(): ca-bundle set 29/11/2018 09:59:44 [http_debug] [ID#2] info: Connection #0 seems to be dead! 29/11/2018 09:59:44 [http_debug] [ID#2] info: Closing connection #0 29/11/2018 09:59:44 [http_debug] [ID#2] info: timeout on name lookup is not supported 29/11/2018 09:59:44 [http_debug] [ID#2] info: About to connect() to www.google.com port 80 (#0) 29/11/2018 09:59:44 [http_debug] [ID#2] info: Trying 216.58.207.228... 29/11/2018 09:59:44 [http_debug] [ID#2] info: Connected to www.google.com (216.58.207.228) port 80 (#0) 29/11/2018 09:59:44 [http_debug] [ID#2] Sent header to server: GET / HTTP/1.1 User-Agent: BOINC client (windows_x86_64 6.10.18) Host: www.google.com Accept: / Accept-Encoding: deflate, gzip Content-Type: application/x-www-form-urlencoded 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: HTTP/1.1 200 OK 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Date: Thu, 29 Nov 2018 08:59:43 GMT 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Expires: -1 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Cache-Control: private, max-age=0 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Content-Type: text/html; charset=ISO-8859-1 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Content-Encoding: gzip 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Server: gws 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Content-Length: 5254 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: X-XSS-Protection: 1; mode=block 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: X-Frame-Options: SAMEORIGIN 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Set-Cookie: 1P_JAR=2018-11-29-08; expires=Sat, 29-Dec-2018 08:59:43 GMT; path=/; domain=.google.com 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: Set-Cookie: NID=148=KbgYurj5D3yWqZxGYBRCgLwafDv6VrfDcrWx2Zt6MKVXphNgNo3BEFk5LfALm-tXd3st5IC8tmOIEDKjE3asItE_Jmp9BC1G0bnauhk8i0SPeXdwh50TGOLp3S1oG9AvYPzdsOPTszkEiXDSZ6wFZqV02SBOkxlQcKM2n4cQjhM; expires=Fri, 29/11/2018 09:59:44 [http_debug] [ID#2] Received header from server: 29/11/2018 09:59:44 [http_debug] [ID#2] info: Expire cleared 29/11/2018 09:59:44 [http_debug] [ID#2] info: Connection #0 to host www.google.com left intact 29/11/2018 09:59:45 Internet access OK - project servers may be temporarily down. 29/11/2018 09:59:47 SETI@home Scheduler request completed I get the same error on scheduler requests to WUProp@Home, so it's not SETI specific. All I found about SSL errors and BOINC was outdated ca-bundle.crt, so I have updated my to this one: https://raw.githubusercontent.com/BOINC/boinc/master/curl/ca-bundle.crt, but it didn't help. Is my BOINC client to old? I'm using 6.10.18 on Win10 64-bit, which is my favourite version for CPU-only hosts. ID: 1967695 ·

rob smith Volunteer moderator Volunteer tester Send message Joined: 7 Mar 03 Posts: 22737 Credit: 416,307,556 RAC: 380	Message 1967700 - Posted: 29 Nov 2018, 12:44:08 UTC Yes your version of BOINC is "old", but others are running similar age versions. I think the big issue is that you appear to be using HTTP instead of HTTPS at the head of the urls, and many sites are no longer accepting the less secure version (HTTP). Bob Smith Member of Seti PIPPS (Pluto is a Planet Protest Society) Somewhere in the (un)known Universe? ID: 1967700 ·

Link Send message Joined: 18 Sep 03 Posts: 834 Credit: 1,807,369 RAC: 0	Message 1967703 - Posted: 29 Nov 2018, 13:00:46 UTC - in response to Message 1967700. Last modified: 29 Nov 2018, 13:20:59 UTC Well, the site actually accepts it, everything works fine, it's just the BOINC client annoying me (and the google servers) with unnecessary internet connection tests and messages in the log. On downloads and uploads there are no error messages at all, just on scheduler requests. On the Join-Page the project URL is http://setiathome.berkeley.edu/, so not https. Same on WUProp@Home, where only clients starting from version 7.2 should use https, all older versions should use http. Maybe I should try to reattach? Will try that on WUProp when the current WU finishes. ID: 1967703 ·

Richard Haselgrove Volunteer tester Send message Joined: 4 Jul 99 Posts: 14690 Credit: 200,643,578 RAC: 874	Message 1967715 - Posted: 29 Nov 2018, 14:31:04 UTC There's a problem distinguishing between the public-facing web urls (of which some projects have at least two), and the single 'Master' url which you should end up attached to. If you attach via BOINC Manager, it sends out a call to https://setiathome.berkeley.edu/get_project_config.php, and receives the answer <master_url>http://setiathome.berkeley.edu/</master_url> Having done that, it makes a separate call to get the scheduler url, and should receive the answer <scheduler_url>http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi</scheduler_url> Both of these are automatic, and you shouldn't attempt to change them. Things can go wrong if you attach via the command line (boinccmd) or an Account Manager: in that case, you should check manually with get_project_config.php, as in my link above. If your current master and scheduler are as shown above, there's no point in re-attaching. ID: 1967715 ·

Link Send message Joined: 18 Sep 03 Posts: 834 Credit: 1,807,369 RAC: 0	Message 1967727 - Posted: 29 Nov 2018, 15:49:54 UTC - in response to Message 1967715. <master_url>http://setiathome.berkeley.edu/</master_url> <scheduler_url>http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi</scheduler_url> Thanks, that's exactly what I have in my client_state.xml, so that's not the problem then. But what else can it be? ID: 1967727 ·

Juha Volunteer tester Send message Joined: 7 Mar 04 Posts: 388 Credit: 1,857,738 RAC: 0	Message 1967783 - Posted: 29 Nov 2018, 19:02:28 UTC You need to read the log more carefully. There's four connections in total. 1. http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi To upload results. 2. http://boinc.berkeley.edu/download.php?xml=1 To fetch version list. http://boinc.berkeley.edu/* is redirected to https://boinc.berkeley.edu/* 3. https://boinc.berkeley.edu/download.php?xml=1 Which fails because you have too old client and it doesn't support modern crypto algorithms. 4. http://www.google.com/ To test if your network connection is down. You can change what the client does with settings like <dont_contact_ref_site> and <client_version_check_url>. In your client version both go to cc_config.xml ID: 1967783 ·

Link Send message Joined: 18 Sep 03 Posts: 834 Credit: 1,807,369 RAC: 0	Message 1967982 - Posted: 30 Nov 2018, 9:05:34 UTC - in response to Message 1967783. OK, <dont_contact_ref_site> removes all unwanted messages, I thought it will remove just the one for internet connection test. Maybe not a perfect solution, but it works. Thank you. ID: 1967982 ·

ML1 Volunteer moderator Volunteer tester Send message Joined: 25 Nov 01 Posts: 21687 Credit: 7,508,002 RAC: 20	Message 1968008 - Posted: 30 Nov 2018, 12:47:37 UTC Possibly a silly guess... Are the security certificates updated in your boinc client? Or does your install of boinc use the system certificates?... Or is the https being blocked by a firewall? Happy cool crunchin', Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) ID: 1968008 ·

Link Send message Joined: 18 Sep 03 Posts: 834 Credit: 1,807,369 RAC: 0	Message 1968026 - Posted: 30 Nov 2018, 14:53:31 UTC - in response to Message 1968008. Last modified: 30 Nov 2018, 14:56:07 UTC Are the security certificates updated in your boinc client? Yes, to this: https://raw.githubusercontent.com/BOINC/boinc/master/curl/ca-bundle.crt Or does your install of boinc use the system certificates?... Not on Windows AFAIK. Or is the https being blocked by a firewall? I'll delete the current rules for BOINC next time I reboot the system and let the firewall create new ones when BOINC starts. I don't think so since this is outgoing connection and all other traffic over HTTPS works fine, but I'll give it a try. But IIRC the rules are just for remote access to the BOINC client... ID: 1968026 ·

©2025 University of California

SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.