Client / Server communication issues

Nathanael D. Noblet nathanael at gnat.ca
Mon Nov 25 23:03:52 CET 2013


Hello,

   So I've continued the last few days trying to get a dracut module 
working with mandos. I've run into a couple of issues.

   #1 - It seems the mandos client never stops trying to communicate 
with a server. There seem to be only two ways for the client to end 
communications - receiving a SIGTERM or getting the password. It would 
seem good if we could ask the client to cease communicating after a 
certain number of attempts. The current dracut crypt module passes a 
number of tries for both the plymouth and consoles. One thing to note: 
this applies more to the long term servers like CentOS and friends. As 
such I've created a patch as a proof of concept. I actually haven't 
tested it because I'm getting stuck on the issue below. However, for 
dracut it might be nice to die after a configurable number of tries.

   #2 - I seem to have TLS handshake issues depending on what 
client/server is being used. Originally I thought I had everything fixed 
by removing some of the lines in the default priority on the server so 
that it was only SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP. This seemed to 
allow an Ubuntu client to talk to a Fedora server. The same server has a 
handshake issue when a CentOS client tries talking to it. The client is 
running 1.6.2. Oddly enough that very same client can successfully talk 
to a CentOS server. Everything is running 1.6.2 except for Ubuntu which 
has 1.6.0.

Server          Ubuntu(1.6.0)   CentOS(1.6.2)
F20(1.6.2)      Yes             No
CentOS(1.6.2)   Yes             Yes

Thoughts?


-- 
Nathanael d. Noblet
t 403.875.4613
-------------- next part --------------
A non-text attachment was scrubbed...
Name: quit-after-tries.diff
Type: text/x-patch
Size: 1578 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20131125/b84692be/attachment.bin>
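
The bounded-retry behaviour asked for in #1, as an added example: it is not part of the original message, not the attached quit-after-tries.diff (whose contents are not shown here), and not Mandos client code. The names fetch_password, attempt_fn and the result values are hypothetical; a max_tries of 0 is assumed to mean the retry-until-SIGTERM behaviour the message describes.

```c
#include <signal.h>
#include <stddef.h>
#include <unistd.h>

/* Hypothetical result codes: the caller (e.g. an initramfs script) can fall
   back to a console passphrase prompt on TRIES_EXHAUSTED. */
enum result { GOT_PASSWORD = 0, TRIES_EXHAUSTED = 1, TERMINATED = 2 };

static volatile sig_atomic_t quit_now = 0;

static void handle_sigterm(int sig) { (void)sig; quit_now = 1; }

/* Hypothetical attempt callback: returns 1 once a password was received. */
typedef int (*attempt_fn)(void *ctx);

/* max_tries == 0: retry until SIGTERM or success (the behaviour described
   in the message). max_tries > 0: give up after that many attempts.
   delay_s is the pause between attempts. */
enum result fetch_password(attempt_fn attempt, void *ctx,
                           unsigned max_tries, unsigned delay_s)
{
    signal(SIGTERM, handle_sigterm);

    for (unsigned tries = 0; max_tries == 0 || tries < max_tries; tries++) {
        if (quit_now)
            return TERMINATED;
        if (attempt(ctx))
            return GOT_PASSWORD;
        /* No pause after the final attempt. sleep() returns early when a
           signal arrives, so SIGTERM is seen at the top of the next pass. */
        if (delay_s && (max_tries == 0 || tries + 1 < max_tries))
            sleep(delay_s);
    }
    return quit_now ? TERMINATED : TRIES_EXHAUSTED;
}

/* Constructed stand-ins: a server that never answers, and one that
   answers on the third attempt. ctx points at an attempt counter. */
int never_answers(void *ctx) { ++*(unsigned *)ctx; return 0; }
int answers_on_third(void *ctx) { return ++*(unsigned *)ctx == 3; }

int main(void)
{
    unsigned calls = 0;
    if (fetch_password(answers_on_third, &calls, 5, 0) != GOT_PASSWORD)
        return 1;
    calls = 0;
    /* Three failed attempts, then control returns to the caller. */
    return fetch_password(never_answers, &calls, 3, 0) == TRIES_EXHAUSTED ? 0 : 1;
}
```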

