taskwarrior
taskwarrior copied to clipboard
GothenburgBitFactory
Error: specified session has been invalidated for some reason.
I've just rotated my certificates on my taskserver. After updating /home/judson/.task/keys/ca.cert to fix a TLS handshake issue, I now have the situation described here.
To report a bug...
- What command(s) did you run?
task sync
- What did you expect to happen?
normal sync
- What actually happened?
Syncing with tasks.madhelm.net:53589
The specified session has been invalidated for some reason.
Sync failed. Could not connect to the Taskserver.
- Paste the output of the
task diagcommand.
Client
task 2.5.1
Platform: Linux
Compiler
Version: 7.4.0
Caps: +stdc +stdc_hosted +LP64 +c8 +i32 +l64 +vp64 +time_t64
Compliance: C++11
Build Features
Built: Feb 24 2016 22:18:22
CMake: 3.13.4
libuuid: libuuid + uuid_unparse_lower
libgnutls: 3.6.7
Build type: Release
Configuration
File: /home/judson/.taskrc (found), 429 bytes, mode 100444
Data: /home/judson/.local/share/task (found), dir, mode 40755
Locking: Enabled
GC: Enabled
$EDITOR: /home/judson/.nix-profile/bin/nvim
Server: tasks.madhelm.net:53589
CA: /home/judson/.task/keys/ca.cert, readable, 3156 bytes
Trust: strict
Certificate: /home/judson/.task/keys/public.cert, readable, 3557 bytes
Key: /home/judson/.task/keys/private.key, readable, 6253 bytes
Ciphers: NORMAL
Creds: madhelm/judson/************************************
Hooks
System: Enabled
Location: /home/judson/.local/share/task/hooks
(-none-)
Tests
$TERM: screen-256color (232x61)
Dups: Scanned 251 tasks for duplicate UUIDs:
No duplicates found
Broken ref: Scanned 251 tasks for broken references:
No broken references found
Server
taskd 1.1.0
Platform: Linux
Hostname: webserver
Compiler
Version: 7.4.0
Caps: +stdc +stdc_hosted +200809 +200809 +LP64 +c8 +i32 +l64 +vp64 +time_t64
Compliance: C++11
Build Features
Built: May 10 2015 21:35:25
CMake: 3.13.4
libuuid: libuuid + uuid_unparse_lower
libgnutls: 3.6.7
Build type: Release
Configuration
TASKDDATA:
root: /var/lib/taskserver (readable)
config: /var/lib/taskserver/config (readable)
CA: /var/lib/acme/tasks.madhelm.net/chain.pem (readable)
Certificate: /var/lib/acme/tasks.madhelm.net/cert.pem (readable)
Key: /var/lib/acme/tasks.madhelm.net/key.pem (readable)
CRL: /var/lib/acme/tasks.madhelm.net/server.crl
Log: /tmp/taskd.log (missing)
PID File: /tmp/taskd.pid (missing)
Server:
Max Request: 1048576 bytes
Ciphers:
Trust: strict
I can reproduce this by using a client cert/key pair that do not match the CA file configured on the Taskserver.
The specified session has been invalidated for some reason.
Sync failed. Could not connect to the Taskserver.
The response from the server is actually an empty list of bytes. Usually it is a list of bytes where the first four indicate the number of bytes, and the rest are an encoding of the response message, resembling the plain text formatting of an email.
The logs at server may look like this:
s: INFO connection from <redacted>
s: 2 checking 13.01 (GNUTLS_AES_128_GCM_SHA256) for compatibility
s: 2 Selected (RSA) cert based on ciphersuite 13.1: GNUTLS_AES_128_GCM_SHA256
s: 2 EXT[0x5570938aed20]: server generated X25519 shared key
s: INFO Verifying certificate.
s: 2 issuer in verification was not found or insecure; trying against trust list
s: ERROR Certificate status=66
s: INFO The certificate is NOT trusted. The certificate issuer is unknown.
2021-09-07 12:07:39 Error: Handshake failed. Error in the certificate.
For reference, this is a gnutls message:
ERROR_ENTRY(N_
("The specified session has been invalidated for some reason."),
GNUTLS_E_INVALID_SESSION),
- https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/errors.c#L72-74