From owner-freebsd-current@freebsd.org Tue Jan 22 12:15:52 2019 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 235B014BB03F for ; Tue, 22 Jan 2019 12:15:52 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: from mailrelay118.isp.belgacom.be (mailrelay118.isp.belgacom.be [195.238.20.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay.skynet.be", Issuer "GlobalSign Organization Validation CA - SHA256 - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5862A8996D for ; Tue, 22 Jan 2019 12:15:51 +0000 (UTC) (envelope-from tijl@freebsd.org) X-Belgacom-Dynamic: yes IronPort-PHdr: =?us-ascii?q?9a23=3AvLmnjhabK/ZpAOx1xnuV9JX/LSx+4OfEezUN45?= =?us-ascii?q?9isYplN5qZr825bnLW6fgltlLVR4KTs6sC17KG9fi4EUU7or+5+EgYd5JNUx?= =?us-ascii?q?JXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQ?= =?us-ascii?q?viPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa+bL9oMBm6sRjau9ULj4dlNqs/0A?= =?us-ascii?q?bCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG?= =?us-ascii?q?81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUj?= =?us-ascii?q?m58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7WYNEUSn?= =?us-ascii?q?dbXstJWSJPAp2yYZYMAeUDM+ZXoJXyqVQVoBuiHAmgGP/jxiNUinL026Axzu?= =?us-ascii?q?QvERvB3AwlB98ArnHWrNHoP6oMVuC1y7LIwivGb/xM3zf985XDfxc9ofGNX7?= =?us-ascii?q?JwddHcx0k1FwzbkFqdtJHrMT2P2uQKqWib4PNtWOSygGAprAFxpyKgxsYqio?= =?us-ascii?q?TRmo0V10jE9T5jzIYyP924R0h2asOnHptIryyXNIl7TtkjTmxnoio3yLwLtY?= =?us-ascii?q?SlcCQUxpkqwQPUZeadfIiS+B3jUf6cITJ/hH14Zr2ynw2y8U28yu3kUcm0zU?= =?us-ascii?q?pKojJFktbSsnAN0ATe6sudRft5/0eh3CiA1xrU6u1ePUA0lKjbK5o7zrEskZ?= =?us-ascii?q?oTtl/DETHzmErsiq+WbV8o+u+y6+Toernmp5mcOJFoigzmMakjmNazDOU3Pw?= =?us-ascii?q?QUXWWW+P6w2KP98UD3WLlKi+c5kqjdsJDUP8Qboau5DhdJ0oYi6Ra/Cyyr0N?= =?us-ascii?q?oCnXYZMl1KYwmHgJXzN1HJOvD4Au+zg06wnzdz2/DGIrrhD43DLnjZjrjuY6?= =?us-ascii?q?1y61VBxwYq0d9f+ohUCqsfL/L1Rk/8r9LYDgUnPAOq2OnnE8hy2pkZWWKVDa?= =?us-ascii?q?/KeJ/V5BWvoKoPKvOQYYYTvny1f/9j5/f0kXown1k1YqCtxocedGz+Ge5pdR?= =?us-ascii?q?a3e33p1+vmFS8huQ0lQenjjkbKBSJSZXKacbgx6xsAJMShF4iVFdPlu6CIwC?= =?us-ascii?q?ruRs4eXWtBEF3ZVC6wL4g=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2A1AADaCEdc/99MQFdkHAEBAQQBAQc?= =?us-ascii?q?EAQGBUQcBAQsBAYICZnASJ4QBiBpfiwoBAYIMNQGJZo1lgXsohFECgmcjNAk?= =?us-ascii?q?NAQMBAQIBAQIBbBwMQgEMAYFqKQGCZwEFIzMjEAsYAgIFIQICDyoeBhODI4I?= =?us-ascii?q?FrEKBL4kYgQ6BC4sYNYF/gRGDEoJvgXwWgwmCVwKQCpIWCYckimskgWZOhGC?= =?us-ascii?q?LAIFIgluDAYNokVc4gVZNMAiDJwmCSIgJQ4RjXT4DMAGDJYd3AQE?= X-IPAS-Result: =?us-ascii?q?A2A1AADaCEdc/99MQFdkHAEBAQQBAQcEAQGBUQcBAQsBA?= =?us-ascii?q?YICZnASJ4QBiBpfiwoBAYIMNQGJZo1lgXsohFECgmcjNAkNAQMBAQIBAQIBb?= =?us-ascii?q?BwMQgEMAYFqKQGCZwEFIzMjEAsYAgIFIQICDyoeBhODI4IFrEKBL4kYgQ6BC?= =?us-ascii?q?4sYNYF/gRGDEoJvgXwWgwmCVwKQCpIWCYckimskgWZOhGCLAIFIgluDAYNok?= =?us-ascii?q?Vc4gVZNMAiDJwmCSIgJQ4RjXT4DMAGDJYd3AQE?= Received: from 223.76-64-87.adsl-dyn.isp.belgacom.be (HELO kalimero.tijl.coosemans.org) ([87.64.76.223]) by relay.skynet.be with ESMTP; 22 Jan 2019 13:15:44 +0100 Received: from kalimero.tijl.coosemans.org (kalimero.tijl.coosemans.org [127.0.0.1]) by kalimero.tijl.coosemans.org (8.15.2/8.15.2) with ESMTP id x0MCFhn3046414; Tue, 22 Jan 2019 13:15:43 +0100 (CET) (envelope-from tijl@FreeBSD.org) Date: Tue, 22 Jan 2019 13:15:43 +0100 From: =?UTF-8?B?VMSzbA==?= Coosemans To: "O. Hartmann" Cc: freebsd-current Subject: Re: CUPS: [Client 1] Unable to encrypt connection: An illegal parameter has been received. Message-ID: <20190122131536.42d2423e@kalimero.tijl.coosemans.org> In-Reply-To: <20190121210106.4b335ffa@thor.intern.walstatt.dynvpn.de> References: <20190116152328.3edb2f74@freyja.lan101.bundesimmobilien.intern> <20190116183336.6aa7bdde@kalimero.tijl.coosemans.org> <20190121210106.4b335ffa@thor.intern.walstatt.dynvpn.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 5862A8996D X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_SHORT(-0.98)[-0.979,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; ASN(0.00)[asn:5432, ipnet:195.238.0.0/19, country:BE] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Jan 2019 12:15:52 -0000 On Mon, 21 Jan 2019 21:00:39 +0100 "O. Hartmann" = wrote: > Am Wed, 16 Jan 2019 18:33:36 +0100 > T=C4=B3l Coosemans schrieb: >> On Wed, 16 Jan 2019 15:23:40 +0100 "O. Hartmann" wrote: =20 >>> We have an experimental IPV6 network and within this network, FreebSD C= URRENT >>> (r343087) is acting as a CUPS print server, while a bunch FreeBSD 12-ST= ABLE >>> boxes are CUPS clients. >>>=20 >>> The setup, so far, worked with IPv4. Introducing IPv6 addresses on both= server >>> and host results in the error >>>=20 >>> [Client 1] Unable to encrypt connection: An illegal parameter has been = received. >>>=20 >>> In file cups/client.conf we address the appropriate printer via >>>=20 >>> ipps://xxx.xxx.xxx.xxx/printers/printer_name (IPv4 of the CUPS server h= ost) >>>=20 >>> This works fine. >>>=20 >>> But ipps://[XXXX:XXXX:XXXX::XXXX]/printers/printer_name (IPv6 of the CU= PS >>> server host) doesn't work and results in the error on the server as sho= wn above. >>>=20 >>> I fiddled also around with the SSLOption parameter in client.conf and p= arallel, >>> to match requiremets, in cups/cupsd.conf of the server host - with no e= ffect. >>>=20 >>> On the server side, it seems that all the documents I could pick up from >>> cups.org or Apple do not specify any IPv6 address in an "Allow from" st= atement: >>> everything seems to be stuck with IPv4. While the cupsd.conf SSLListen = option >>> is for IPv6 >>>=20 >>> SSLListen [fd01:dead:beef::affe]:631 >>>=20 >>> which works, I get an error when trying to put anything IPv6-similar wi= th the >>> convention with the brackets "[" and "]" in a "Allow from" option in the >>> sections where I need to restrict access. An IPv6 without "[" and "]" s= eems to >>> be accepted - but when coemmnting out ANY IPv4 address and leaving only= IPV6 in >>> the "Allow from " statement, no remote connection is allowed. >>>=20 >>> This drives me nuts. Since the aim will be to have a printing facility = within a >>> IPv6 only network, I feel a bit lost. >>>=20 >>> Does anyone have had similar problems? =20 >>=20 >> What you're supposed to do instead is run a cupsd on the client and add >> the print server as a network printer (using your ipps URI). When you >> have to choose the make of the printer choose Raw so you don't need a >> PPD and cupsd will forward the job to the server without doing any >> filtering. You can set this up on one client and then copy the cups >> configuration in /usr/local/etc/cups to the other clients. Running a >> local cupsd allows clients to queue print jobs when the print server is >> down. =20 >=20 > I had those settings on the client system, too: reference printer is > ipps://host.name/printers/print_queue_name, but not with "RAW" filter. I = changed that. >=20 > While I'm able to print CUPS testpages via the web interface on the CUPS = server system > itself, I still receive=20 >=20 > [Client 1] Unable to encrypt connection: An illegal parameter has been re= ceived. >=20 > in the log file on the CUPS server, when the satellite/client system trie= s to connect to > the CUPS print queue. I've just committed WITH_DEBUG support to print/cups (r490938) so please update your ports tree and rebuild and reinstall cups on the print server using "make WITH_DEBUG=3Dyes install". Then run cupsd like this: env CUPS_DEBUG_LOG=3D"/tmp/cups.debug" CUPS_DEBUG_LEVEL=3D"9" cupsd Then try to connect from the client. /tmp/cups.debug should now contain "An illegal parameter has been received" but with more context.