3

I'm using rudder 3.0.x on Raspbian (RPi v2) and I get some strange errors sometime.

I'm trying to understand this error message: "EVP_DecryptFinal_ex: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length".

I'm using WiFi mesh network with Internet access over mobile network so the connection is not the best of ever but I'm able to make a ping to rudder server + dns resolution so it was working during the "rudder agent update". 

@xxx-xxxxx:~$ sudo rudder agent update
2015-07-17T16:40:44+0200    error: /default/update/methods/'update'/default/update_action/files/'/var/rudder/ncf/local'[0]: Timeout - remote end did not respond with the expected amount of data (received=0, expecting=8). (recv: Resource temporarily unavailable)
2015-07-17T16:41:14+0200    error: /default/update/methods/'update'/default/update_action/files/'/var/rudder/ncf/local'[0]: Timeout - remote end did not respond with the expected amount of data (received=0, expecting=8). (recv: Resource temporarily unavailable)
^[[B2015-07-17T16:42:36+0200    error: /default/update/methods/'update'/default/update_action/files/'/var/rudder/cfengine-community/inputs'[0]: Timeout - remote end did not respond with the expected amount of data (received=0, expecting=8). (recv: Resource temporarily unavailable)
2015-07-17T16:42:48+0200    error: /default/update/methods/'update'/default/update_action/files/'/var/rudder/cfengine-community/inputs'[0]: Failed to decrypt at final of cipher length 70. (EVP_DecryptFinal_ex: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length)
2015-07-17T16:42:48+0200    error: /default/update/methods/'update'/default/update_action/files/'/var/rudder/cfengine-community/inputs'[0]: Failed to decrypt at final of cipher length 3. (EVP_DecryptFinal_ex: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length)
Jonathan Clarke
  • 1,657
  • 2
  • 11
  • 25
frbayart
  • 327
  • 2
  • 8

1 Answers1

2

This is a OpenSSL error; the agent is failing to decrypt the message from the server ( see http://openssl.6102.n7.nabble.com/error-0606506D-td6186.html ) because it doesn't have the proper length. If the network is unreliable, it is likely that connexion was interrupted during transfer, and end of message was lost.

Youcould also try to compare the OpenSSL version on the agent (that you built yourself) and on the server. I don't think it could be an incompatibility issue (i believe it would be consistently failling), but it could be worth double-checking

Nicolas Charles
  • 725
  • 5
  • 11