Hi,
I have a fresh install of workstation 12.5.5 on a linux box (Opensuse Leap 42.2), everything works fine excekt the hostd service for shared VMs. It is also not possible to conenct to other machines on the same network which offer shared VMs (also on workstation). I did two frsh installs but hve ´teh same result. The hostd process is visible but in the Workstation UI a connection to it (eithe root or user) is not possible. hostd.logs show:
2017-05-19T21:45:59.883+02:00 warning hostd[7F8B9A690700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b8c006c20, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57358'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
2017-05-19T21:46:01.883+02:00 info hostd[7F8B9B07E700] [Originator@6876 sub=Proxy Req 00023] Client certificate will not be requested.
2017-05-19T21:46:01.884+02:00 warning hostd[7F8B9A6D1700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7c006130, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57360'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
2017-05-19T21:47:22.130+02:00 info hostd[7F8B9B03D700] [Originator@6876 sub=Proxy Req 00024] Client certificate will not be requested.
2017-05-19T21:47:22.130+02:00 warning hostd[7F8B9B100700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7801db60, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57372'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
2017-05-19T21:47:37.129+02:00 info hostd[7F8B9A6D1700] [Originator@6876 sub=Proxy Req 00025] Client certificate will not be requested.
2017-05-19T21:47:37.129+02:00 warning hostd[7F8B9A690700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b7c02b750, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57380'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
2017-05-19T21:47:48.000+02:00 info hostd[7F8B9B07E700] [Originator@6876 sub=Proxy Req 00026] Client certificate will not be requested.
2017-05-19T21:47:48.000+02:00 warning hostd[7F8B9A6D1700] [Originator@6876 sub=Proxysvc] SSL Handshake failed for stream <SSL(<io_obj p:0x00007f8b70001ec0, h:22, <TCP '127.0.0.1:444'>, <TCP '127.0.0.1:57384'>>)>: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
2017-05-19T21:53:13.274+02:00 verbose hostd[7F8B9B100700] [Originator@6876 sub=Default] Validating permission users and groups
Any ideas?
Experiencing same issue. Also problems with checking for updates.
Used to be okay until one of the updates to 42.2....wonder if it's related to the:
- Bug bsc#1027712 switch to new client side cipher suite default
* Updated default cipher suite from "DEFAULT" to "SUSE_DEFAULT"
* Updates previous patch curl-DEFAULT_CIPHER_SELECTION.patch
This change has caused problems with quite a few linux apps....
v12.5.6 of Workstation doesn't resolve issues either.
Hi,
looks like current curl has issues with hostd, therefore as workaround temporary downgrade curl-packages.
packages:
-curl
-libcurl3
-libcurl4
search prior version (sorry, german locales - but should be clear anyways ) |
---|
uid@host:~> zypper search -s libcurl4 Repository-Daten werden geladen... Installierte Pakete werden gelesen... S | Name | Typ | Version | Arch | Repository --+----------------+-------+---------------+--------+-------------------------- v | libcurl4 | Paket | 7.37.0-16.3.1 | x86_64 | openSUSE-Leap-42.2-Update i | libcurl4 | Paket | 7.37.0-15.1 | x86_64 | openSUSE-Leap-42.2-Oss | libcurl4-32bit | Paket | 7.37.0-16.3.1 | x86_64 | openSUSE-Leap-42.2-Update | libcurl4-32bit | Paket | 7.37.0-15.1 | x86_64 | openSUSE-Leap-42.2-Oss |
Downgrade Package: |
---|
#>zypper install -f libcurl=7.37.0-15.1 |
lock package to protect from incidentally updating |
---|
zypper addlock libcurl4 |
Do the same for curl and libcurl3 and wait until new update available either for vmware or curl.
you can remove the package-lock later using zypper removelock <package> (you can show current locks using "zypper listlock" )
SLES12SP2 is also affected, guess they're already on it.
regards,
Daniel
edit:
I digged somewhat deeper. seems issues are related to certificate validation of hostd cert.
Probably it's enough to replace hostd cert and key in /etc/vmware/ssl/ (/etc/vmware/ssl/rui.crt ; /etc/vmware/ssl/rui.key)
But this requires you to have a working ca.
@Rehtael: you're right.
This one broke it:
openSUSE-SU-2017:1105-1: moderate: Security update for curl
Kopfzeile 1 |
---|
#>zypper patch-info openSUSE-2017-513 Repository-Daten werden geladen... Installierte Pakete werden gelesen... Informationen zu Patch openSUSE-2017-513: ----------------------------------------- Repository : openSUSE-Leap-42.2-Update Name : openSUSE-2017-513 Version : 1 Arch : noarch Anbieter : maint-coord@suse.de Status : erforderlich Kategorie : security Schweregrad : moderate Erstellt am : Mi 26 Apr 2017 14:11:02 CEST Interaktiv : --- Zusammenfassung : Security update for curl Beschreibung : This update for curl fixes the following issues: Security issue fixed: - CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332) - CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309). With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712). This update was imported from the SUSE:SLE-12:Update update project. Bereitstellungen : patch:openSUSE-2017-513 = 1 Konflikte : [16] |
Unfortunately it still doesn't appear to be fixed in 12.5.7 build-5813279
Wow, somebody has mad diagnostic skills. Thanks! I never would have thought of looking into the libcurl version.
A couple of notes: I had to do "zypper install -f libcurl4=7.37.0-15.1"; using libcurl=... had no effect. Also, my version of zypper doesn't have "listlocks"; it's just "zypper locks" (alias "zypper ll").
In the meantime I'm live and happy!
Finally resolved in VMware Workstation 14....however, you have to be on openSUSE 42.3+ or the kernel modules won't compile.