Secure enabled iPrint printers fail to install from OES11 servers to Mac 10.7 (Lion)

Document ID:7009918
Creation Date:21-Dec-2011
Modified Date:26-Apr-2012
- Micro Focus Products:
  iPrint

Environment

Novell Open Enterprise Server 11 (OES 11) Linux

Novell iPrint for Linux

Apple Macintosh OS 10.7 (Lion)

Situation

SSL enabled iPrint printers receive an authentication failure message when attempting to install an iPrint printer to Mac OS 10.7 (Lion) workstations from OES11 servers. Note: the same configuration suceeds if the server is OES2 or the Mac OS is version 10.6 or earlier.

When attempting to install the printer using the 'iprntcmd --addprinter' command, the following is returned:

ipp://<HostAddress>/ipp/<iPrintPrinterName>
iprntcmd v05.04.00
Adding printer ipp://<HostAddress>/ipp/<iPrintPrinterName>.
Failed to add printer ipp://<HostAddress>/ipp/<iPrintPrinterName>.
    Group Info:   CUPS-IPP
    Error Code:   1024 (0x400)
    Error Msg:    iPrint Client - The request contained bad syntax.
    Debug Msg:    MyCupsDoFileRequest - IPP BAD REQUEST

The OES11 Apache error log shows the following:

[error] BindPsm : PA requires authentication
[error] Hostname localhost provided via SNI and hostname <hostname> provided via HTTP are different
[error] Hostname localhost provided via SNI and hostname <hostname> provided via HTTP are different

Resolution

Novell released an FTF (Field Test File) iPrint Client for Macintosh which resolves this issue.

https://download.novell.com/Download?buildid=TSkk1eC3cmw~

Novell plans to release a newer client version in the future for the official (non-FTF) release.

Status

Reported to Engineering

Additional Information

The Mac iPrint client uses CUPS for the transport layer abstraction. CUPS uses OPENSSL libraries. For the SSL+SNI connection, CUPS should use the "SSL_set_tlsext_host_name(ssl,servername)" API for their SSL connection, as this is defined in the OPENSSL library. Some CUPS developers believe adding this API will resolve the problem.