boinc unable to connect to World Community Grid because of missing ca-bundle.crt file

Bug #159135 reported by David Marsh
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
boinc (Ubuntu)
Low
Unassigned
Nominated for Karmic by Papamatti2

Bug Description

The version of BOINC (5.10.8 i686-pc-linux-gnu) that ships with Ubuntu 7.10 is unable to connect to the World Community Grid servers, returning errors such as:

2007-10-30 23:19:15 [World Community Grid] Sending scheduler request: Requested by user
2007-10-30 23:19:15 [World Community Grid] (not requesting new work or reporting completed tasks)
2007-10-30 23:19:16 [---] Project communication failed: attempting access to reference site
2007-10-30 23:19:17 [---] Access to reference site succeeded - project servers may be temporarily down.
2007-10-30 23:19:20 [World Community Grid] Scheduler request failed: problem with the SSL CA cert (path? access rights?)
2007-10-30 23:19:20 [World Community Grid] Deferring communication for 2 min 33 sec
2007-10-30 23:19:20 [World Community Grid] Reason: scheduler request failed

I do not experience any BOINC problems connecting to servers belonging to other BOINC projects.

Enquiring on the WCG forums reveals that the cause of this is a missing ca-bundle.crt file. See: http://www.worldcommunitygrid.org/forums/wcg/viewthread?thread=14222

Revision history for this message
Daniel Hahler (blueyed) wrote :

I cannot confirm it here, using the same boinc-client version in Ubuntu Gutsy.

I've installed boinc-client and boinc-manager, then registered with WorldCommunityGrid.org and added it as a project.

According to a Debian changelog entry (from version 5.8.17-1), there should be a ca-bundle.crt file/symlink:
  * Added ca-certificates to boinc-client's Depends field and create the
    ca-bundle.crt symlink (which points to /etc/ssl/certs/ca-certificates) in
    Debian's default BOINC data directory (/var/lib/boinc-client/) in
    boinc-client.postinst.

$ sudo ls -l /var/lib/boinc-client/ | grep crt
lrwxrwxrwx 1 root root 34 2007-11-19 01:28 ca-bundle.crt -> /etc/ssl/certs/ca-certificates.crt

Changed in boinc:
assignee: nobody → blueyed
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Marco Rodrigues (gothicx) wrote :

This problem should be already fixed in current Gutsy version...

Revision history for this message
berg (berg-foss) wrote :

the solution seems enable cacert provider at /etc/ca-certificates.conf and executing
 update-ca-certificates command like said BrodocK at his comment:

https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/153625/comments/5

The Boinc site ( http://boinc.berkeley.edu/trac/wiki/ErrorReference ) said:

/*
Scheduler request failed: problem with the SSL CA cert (path? access rights?)

This is a known problem with some ported BOINC releases, especially certain Linux x64 ports. The reason for the error is that a file (ca-bundle.crt) was omitted from the release.

If you see this error message in your message log, then you probably need to apply this fix.

   1. Determine your BOINC data directory. Check the beginning of your message log. There will be a line near the beginning like this:

       08/06/2007 13:18:00||Data directory: C:\Program Files\BOINC

   2. Download the missing file. - make sure you name the file ca-bundle.crt.
   3. Place the file in your BOINC data directory.
   4. Restart BOINC. The way you do this will depend on your installation.

Why does this problem only affect WCG, and not other BOINC projects?This is because WCG is (at the time of writing) the only BOINC project that requires a secure connection to the server. Other projects permit falling back to an insecure connection.

 */

The missing file ( I think) is a generated ( update-ca-certificates ) ca-certicate.crt build from many (all ?) providers enabled ( /etc/ca-certificates.conf )

REFERENCES:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/153625
http://boinc.berkeley.edu/trac/wiki/ErrorReference
https://bugs.launchpad.net/ubuntu/+source/esniper/+bug/164264
https://bugs.launchpad.net/ubuntu/+source/boinc/+bug/159135

Revision history for this message
berg (berg-foss) wrote :

when I enabled only cacert.org provider, I have other errors ( listed below). Then I enabled all providers and boinc works fine now :)

Qui 20 Mar 2008 19:19:15 AMT||Fetching configuration file from http://www.worldcommunitygrid.org/get_project_config.php
Qui 20 Mar 2008 19:19:33 AMT|World Community Grid|Master file download succeeded
Qui 20 Mar 2008 19:19:38 AMT|World Community Grid|Sending scheduler request: Project initialization
Qui 20 Mar 2008 19:19:38 AMT|World Community Grid|Requesting 1 seconds of new work
Qui 20 Mar 2008 19:19:40 AMT||Project communication failed: attempting access to reference site
Qui 20 Mar 2008 19:19:43 AMT||Access to reference site succeeded - project servers may be temporarily down.
Qui 20 Mar 2008 19:19:43 AMT|World Community Grid|Scheduler request failed: peer certificate cannot be authenticated with known CA certificates
Qui 20 Mar 2008 19:19:43 AMT|World Community Grid|Deferring communication for 1 min 0 sec
Qui 20 Mar 2008 19:19:43 AMT|World Community Grid|Reason: scheduler request failed

Revision history for this message
Daniel Hahler (blueyed) wrote :

Marking as "Fix released".
Problems with the used ca-certificate package, should be handled separately, e.g. in bug 153625.
Thank you.

Changed in boinc:
status: Incomplete → Fix Released
Revision history for this message
Papamatti2 (papamatti2) wrote :

In Karmic this problem appears again. As workaraound, download boinc from the boinc-site and copy the cerification file it to the location /etc/ssl

Revision history for this message
Narcissus (narcissus) wrote :

I too have this bug back in Karmic. Placing http://boinc.berkeley.edu/trac/export/16195/trunk/boinc/curl/ca-bundle.crt in /var/lib/boinc-client/ca-bundle.crt solves it.

(See http://lists.alioth.debian.org/pipermail/pkg-boinc-devel/2009-May/002094.html)

Revision history for this message
Papamatti2 (papamatti2) wrote :

I confirm that what Narcissus wrote. Copying the ca-bundle.crt in /var/lib/boinc-client/ca-bundle.crt solves the problem. This file ist linked to the /etc/ssl/ca-certificates.crt file.

Changed in boinc (Ubuntu):
status: Fix Released → Confirmed
Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

could anybody please test if this bug is still alive with a new boinc version?

Changed in boinc (Ubuntu):
status: Confirmed → Incomplete
Daniel Hahler (blueyed)
Changed in boinc (Ubuntu):
assignee: Daniel Hahler (blueyed) → nobody
Revision history for this message
CassieMoondust (cassie-lx) wrote :

While installing boinc some errors show up.

Revision history for this message
CassieMoondust (cassie-lx) wrote :

@LocutusOfBorg

There is no issue with the certificate in oneiric ocelot anymore.
Bug is fixed for me.

Changed in boinc (Ubuntu):
status: Incomplete → Fix Released
Revision history for this message
Daniel Hahler (blueyed) wrote :

Thanks for reporting back Papamatti.

The errors look like boinc was not running (anymore) in the post-start setup phase:
    boinc-client (6.12.33+dfsg-1.1) wird eingerichtet ...
     * Starting BOINC core client: boinc non-network local connections being added to access control list
                                                                         [ OK ]
     * Setting up scheduling for BOINC core client and children: chrt: failed to set pid 4075's policy: Kein passender Prozess gefunden
    chrt: failed to set pid 4075's policy: Kein passender Prozess gefunden
    chrt: failed to set pid 4075's policy: Kein passender Prozess gefunden
    /etc/init.d/boinc-client: 243: cannot create /proc/4075/oom_adj: Directory nonexistent
                                                                         [ OK ]
Does this still happen for you, e.g. when doing "sudo invoke-rc.d restart boinc-client"?

Revision history for this message
CassieMoondust (cassie-lx) wrote :

Doing "sudo invoke-rc.d restart boinc-client" results in:

"invoke-rc.d: unknown initscript, /etc/init.d/restart not found."

After rebooting oneiric boinc runs normally.

"sudo service boinc-client restart" results in:
 * Stopping BOINC core client: boinc ... waiting .. [ OK ]
 * Starting BOINC core client: boinc xhost: unable to open display ""
xhost error ignored, GPU computing may not be possible [ OK ]
 * Setting up scheduling for BOINC core client and children: [ OK ]

Little bit wired, but boinc works and with gpu (nvidia cuda-opencl) runs also!
No problems so far.

Revision history for this message
Gianfranco Costamagna (costamagnagianfranco) wrote :

maybe
sudo invoke-rc.d boinc-client restart ?

Revision history for this message
CassieMoondust (cassie-lx) wrote :

"sudo invoke-rc.d boinc-client restart" results in:

 * Stopping BOINC core client: boinc ... waiting . [ OK ]
 * Starting BOINC core client: boinc non-network local connections being added to access control list
                                                                         [ OK ]
 * Setting up scheduling for BOINC core client and children:

Revision history for this message
Daniel Hahler (blueyed) wrote :

That looks OK.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments