Date: Tue, 22 Jan 2019 13:15:43 +0100 From: =?UTF-8?B?VMSzbA==?= Coosemans <tijl@FreeBSD.org> To: "O. Hartmann" <o.hartmann@walstatt.org> Cc: freebsd-current <freebsd-current@freebsd.org> Subject: Re: CUPS: [Client 1] Unable to encrypt connection: An illegal parameter has been received. Message-ID: <20190122131536.42d2423e@kalimero.tijl.coosemans.org> In-Reply-To: <20190121210106.4b335ffa@thor.intern.walstatt.dynvpn.de> References: <20190116152328.3edb2f74@freyja.lan101.bundesimmobilien.intern> <20190116183336.6aa7bdde@kalimero.tijl.coosemans.org> <20190121210106.4b335ffa@thor.intern.walstatt.dynvpn.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 21 Jan 2019 21:00:39 +0100 "O. Hartmann" <o.hartmann@walstatt.org> = wrote: > Am Wed, 16 Jan 2019 18:33:36 +0100 > T=C4=B3l Coosemans <tijl@FreeBSD.org> schrieb: >> On Wed, 16 Jan 2019 15:23:40 +0100 "O. Hartmann" <ohartmann@walstatt.org= > wrote: =20 >>> We have an experimental IPV6 network and within this network, FreebSD C= URRENT >>> (r343087) is acting as a CUPS print server, while a bunch FreeBSD 12-ST= ABLE >>> boxes are CUPS clients. >>>=20 >>> The setup, so far, worked with IPv4. Introducing IPv6 addresses on both= server >>> and host results in the error >>>=20 >>> [Client 1] Unable to encrypt connection: An illegal parameter has been = received. >>>=20 >>> In file cups/client.conf we address the appropriate printer via >>>=20 >>> ipps://xxx.xxx.xxx.xxx/printers/printer_name (IPv4 of the CUPS server h= ost) >>>=20 >>> This works fine. >>>=20 >>> But ipps://[XXXX:XXXX:XXXX::XXXX]/printers/printer_name (IPv6 of the CU= PS >>> server host) doesn't work and results in the error on the server as sho= wn above. >>>=20 >>> I fiddled also around with the SSLOption parameter in client.conf and p= arallel, >>> to match requiremets, in cups/cupsd.conf of the server host - with no e= ffect. >>>=20 >>> On the server side, it seems that all the documents I could pick up from >>> cups.org or Apple do not specify any IPv6 address in an "Allow from" st= atement: >>> everything seems to be stuck with IPv4. While the cupsd.conf SSLListen = option >>> is for IPv6 >>>=20 >>> SSLListen [fd01:dead:beef::affe]:631 >>>=20 >>> which works, I get an error when trying to put anything IPv6-similar wi= th the >>> convention with the brackets "[" and "]" in a "Allow from" option in the >>> sections where I need to restrict access. An IPv6 without "[" and "]" s= eems to >>> be accepted - but when coemmnting out ANY IPv4 address and leaving only= IPV6 in >>> the "Allow from " statement, no remote connection is allowed. >>>=20 >>> This drives me nuts. Since the aim will be to have a printing facility = within a >>> IPv6 only network, I feel a bit lost. >>>=20 >>> Does anyone have had similar problems? =20 >>=20 >> What you're supposed to do instead is run a cupsd on the client and add >> the print server as a network printer (using your ipps URI). When you >> have to choose the make of the printer choose Raw so you don't need a >> PPD and cupsd will forward the job to the server without doing any >> filtering. You can set this up on one client and then copy the cups >> configuration in /usr/local/etc/cups to the other clients. Running a >> local cupsd allows clients to queue print jobs when the print server is >> down. =20 >=20 > I had those settings on the client system, too: reference printer is > ipps://host.name/printers/print_queue_name, but not with "RAW" filter. I = changed that. >=20 > While I'm able to print CUPS testpages via the web interface on the CUPS = server system > itself, I still receive=20 >=20 > [Client 1] Unable to encrypt connection: An illegal parameter has been re= ceived. >=20 > in the log file on the CUPS server, when the satellite/client system trie= s to connect to > the CUPS print queue. I've just committed WITH_DEBUG support to print/cups (r490938) so please update your ports tree and rebuild and reinstall cups on the print server using "make WITH_DEBUG=3Dyes install". Then run cupsd like this: env CUPS_DEBUG_LOG=3D"/tmp/cups.debug" CUPS_DEBUG_LEVEL=3D"9" cupsd Then try to connect from the client. /tmp/cups.debug should now contain "An illegal parameter has been received" but with more context.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190122131536.42d2423e>