Puppet weird SSL error: SSL_read:: pkcs1 padding too short

While setting a puppet agent to talk to my puppetmaster I’ve got this weird SSL error:

Error: SSL_read:: pkcs1 padding too short

Debugging both on the agent and master sides didn’t offered much information.

On the master:

puppet master --no-daemonize --debug

On the agent:

puppet agent --test --debug

Although I had my master using 3.0.1 and the tested agent using 2.7, the problem didn’t look related to that. People @ #puppet also haven’t seen this error before.

I figured the problem reduced to an issue with openssl. So, I checked versions and there I got! agent’s openssl is using version 1.0.0j-1.43.amzn1 and master’s was using openssl-0.9.8b-10.el5_2.1 So I upgraded master’s openssl to openssl.i686 0:0.9.8e-22.el5_8.4 and voilá, the problem is gone.

I learned that there has been a patch in OpenSSL’s VCS that is apparently related to the issue. Hope this helps if you got into the described situation.

About Rudy Godoy

Computer Science student, founder, and digital artist by experiment. Bold. Sound.
This entry was posted in Debian, Free Software and tagged , , . Bookmark the permalink.