CUPS: [Client 1] Unable to encrypt connection: An illegal parameter has been received.
O. Hartmann
o.hartmann at walstatt.org
Mon Jan 21 20:01:19 UTC 2019
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Am Wed, 16 Jan 2019 18:33:36 +0100
Tijl Coosemans <tijl at FreeBSD.org> schrieb:
> On Wed, 16 Jan 2019 15:23:40 +0100 "O. Hartmann" <ohartmann at walstatt.org> wrote:
> > We have an experimental IPV6 network and within this network, FreebSD CURRENT
> > (r343087) is acting as a CUPS print server, while a bunch FreeBSD 12-STABLE
> > boxes are CUPS clients.
> >
> > The setup, so far, worked with IPv4. Introducing IPv6 addresses on both server
> > and host results in the error
> >
> > [Client 1] Unable to encrypt connection: An illegal parameter has been received.
> >
> > In file cups/client.conf we address the appropriate printer via
> >
> > ipps://xxx.xxx.xxx.xxx/printers/printer_name (IPv4 of the CUPS server host)
> >
> > This works fine.
> >
> > But ipps://[XXXX:XXXX:XXXX::XXXX]/printers/printer_name (IPv6 of the CUPS
> > server host) doesn't work and results in the error on the server as shown above.
> >
> > I fiddled also around with the SSLOption parameter in client.conf and parallel,
> > to match requiremets, in cups/cupsd.conf of the server host - with no effect.
> >
> > On the server side, it seems that all the documents I could pick up from
> > cups.org or Apple do not specify any IPv6 address in an "Allow from" statement:
> > everything seems to be stuck with IPv4. While the cupsd.conf SSLListen option
> > is for IPv6
> >
> > SSLListen [fd01:dead:beef::affe]:631
> >
> > which works, I get an error when trying to put anything IPv6-similar with the
> > convention with the brackets "[" and "]" in a "Allow from" option in the
> > sections where I need to restrict access. An IPv6 without "[" and "]" seems to
> > be accepted - but when coemmnting out ANY IPv4 address and leaving only IPV6 in
> > the "Allow from " statement, no remote connection is allowed.
> >
> > This drives me nuts. Since the aim will be to have a printing facility within a
> > IPv6 only network, I feel a bit lost.
> >
> > Does anyone have had similar problems?
Hello and my apology for responding so late.
>
> cupsd.conf(5) does mention "Allow [ipv6-address]" in the section:
> DIRECTIVES VALID WITHIN LOCATION AND LIMIT SECTIONS
I found that, too late, too. The man page is very clear and almost complete on that - I
stupidly relied on "internet" findings, which were a bit outdated.
>
>
> With client.conf you can configure libcups so it talks to a remote CUPS
> server instead of the local one. This has been deprecated for years so
> I suspect there hasn't been any development on it and that it simply
> doesn't support IPv6.
Also, I realised that I've inherited config files from ealier installations whcih moved
onward on newer setups - so I missed client.conf! Thanks for the hint. After deletion of
the file in question, the problems persisted.
>
> What you're supposed to do instead is run a cupsd on the client and add
> the print server as a network printer (using your ipps URI). When you
> have to choose the make of the printer choose Raw so you don't need a
> PPD and cupsd will forward the job to the server without doing any
> filtering. You can set this up on one client and then copy the cups
> configuration in /usr/local/etc/cups to the other clients. Running a
> local cupsd allows clients to queue print jobs when the print server is
> down.
I had those settings on the client system, too: reference printer is
ipps://host.name/printers/print_queue_name, but not with "RAW" filter. I changed that.
While I'm able to print CUPS testpages via the web interface on the CUPS server system
itself, I still receive
[Client 1] Unable to encrypt connection: An illegal parameter has been received.
in the log file on the CUPS server, when the satellite/client system tries to connect to
the CUPS print queue.
>
> Alternatively you can let the print server announce the printer via
> Bonjour/Avahi (Browsing on in cupsd.conf) and run cups-browsed from
> print/cups-filters on the clients which will then detect the print
> server and add a raw print queue automatically. This can be convenient
> for laptops that move between networks.
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
- --
O. Hartmann
Ich widerspreche der Nutzung oder Übermittlung meiner Daten für
Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG).
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQSy8IBxAPDkqVBaTJ44N1ZZPba5RwUCXEYlAgAKCRA4N1ZZPba5
RyZhAQDWJafWs4z2FlkUzX/byx9E3ner3vOhf3ElR2lQDE8osQEAmrPY7TDe/uky
RYXqcPztjcGL6bSzbi1c86qkzmlpEg0=
=Ssop
-----END PGP SIGNATURE-----
More information about the freebsd-current
mailing list