FW: [omniORB] ssl_echo example problem

Adila Botonjic adila.botonjic at hermes.si
Thu Jul 20 09:47:00 BST 2006


Hi,

I discovered very soon after I wrote mail to the omniORB mailing list that
the password is not a file but the actual password itself, so I used my
actual password. Now the server is working but the client is still throwing out

Cought a CORBA:: SystemException: TRANSIENT

I'm generating keys and certificates in the way described below:

   1. I created one directory into which I copied the demoCA directory
      from etc/openssl/bin/PEM. The demoCA directory already contains all
      necessary files (private/cakey.pem, cacert.pem, index.txt and
      serial) for creating/generating new keys and certificates. I also
      added C:\Openssl\bin to the system path.

   2. I created a new private key and certificate request (one for the
      server and one for the client) with the following command lines:

        openssl req -new -keyout serverreq.pem -out serverreq.pem -days 365
        openssl req -new -keyout clientreq.pem -out clientreq.pem -days 365

   3. Then I signed the requests using the cacert.pem and committed the
      certificates as servercert.pem and clientcert.pem:

        openssl ca -policy policy_anything -out servercert.pem -infiles serverreq.pem
        openssl ca -policy policy_anything -out clientcert.pem -infiles clientreq.pem

   4. Then I copied the server's RSA private key from the serverreq.pem
      file and the server's certificate from the servercert.pem file to a
      newly created file (located in the output directory of an
      executable file), serverfile.pem, so I got this:

        ---BEGIN RSA PRIVATE KEY--
        ......jshaskjdksdfj.....
        --END RSA PRIVATE KEY---
        ---BEGIN CERTIFICATE---
        ....9234rzweurio2349...
        ---END CERTIFICATE------

      And then I used it in: sslContext::key_file = "servercert.pem";
      I did the same for the client.
      Instead of "root.pem" I used "cacert.pem" and for the password the
      actual password :-).




-----Original Message-----
From: Duncan Grisby [mailto:duncan at grisby.org] 
Sent: Friday, July 14, 2006 11:47 AM
To: Adila Botonjic
Cc: omniorb-list at omniorb-support.com
Subject: Re: [omniORB] ssl_echo example problem 

On Wednesday 12 July, "Adila Botonjic" wrote:

> I have a problem with the ssl_echo example. It works perfectly fine if I
> use CA root.pem, key files server.pem and client.pem, but when I create
> my own CA and server, client key files, it doesn't work. I get an error:
> 
> omniORB: sslContext.cc : error:06065064:digital envelope
> routines:EVP_DecryptFinal_ex:bad decrypt  

How did you generate your keys?  It's somewhat obscure, and it's very
easy to get it wrong.

> But if I put in comments the /*sslContext::key_file_password = "password"; */
> in both sides (server and client) then server works, but client
> throws out:
> 
> Cought a CORBA:: SystemException: TRANSIENT
> 
> So, is there some problem with the format for password file? Or does
> anybody know how to solve this problem?

That value is not a password file, it's the actual password itself.
Maybe that's the problem?

Cheers,

Duncan.

-- 
 -- Duncan Grisby         --
  -- duncan at grisby.org     --
   -- http://www.grisby.org --
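
An added example, not part of the original thread and not omniORB code: a check for a combined key-plus-certificate file like the one built in step 4, run before handing the file to sslContext. It tests that the passphrase decrypts the key, that the certificate belongs to that key, and that the CA file issued it. The function names, subjects and passphrases are constructed, and `openssl x509 -req` stands in for the thread's `openssl ca` so that no demoCA tree is needed.

```shell
#!/bin/sh
# Added example: all names, subjects and passphrases are constructed test values.

# make_keyfile DIR PASSPHRASE: throwaway CA plus a combined key+certificate file.
make_keyfile() (
  d=$1; pass=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
  # New encrypted key and request, as in step 2; -passout replaces the prompt.
  openssl req -new -newkey rsa:2048 -passout "pass:$pass" -subj "/CN=constructed-server" \
    -keyout "$d/serverkey.pem" -out "$d/serverreq.pem" 2>/dev/null || return 1
  # 'openssl x509 -req' is used here instead of 'openssl ca' (assumption of this example).
  openssl x509 -req -in "$d/serverreq.pem" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
    -CAcreateserial -days 1 -out "$d/servercert.pem" 2>/dev/null || return 1
  cat "$d/serverkey.pem" "$d/servercert.pem" > "$d/serverfile.pem"
)

# check_keyfile FILE PASSPHRASE CAFILE
# 0 usable; 1 key missing or passphrase does not decrypt it; 2 no certificate;
# 3 certificate does not match the key; 4 certificate not issued by CAFILE
check_keyfile() (
  file=$1; pass=$2; ca=$3
  # Split the PEM blocks so each openssl call reads exactly one object from stdin.
  key=$(sed -n '/-BEGIN .*PRIVATE KEY-/,/-END .*PRIVATE KEY-/p' "$file")
  cert=$(sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$file")
  keypub=$(printf '%s\n' "$key" | openssl pkey -passin "pass:$pass" -pubout 2>/dev/null) \
    || return 1
  certpub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || return 2
  # Same public key on both sides means the certificate was issued for this private key.
  [ "$keypub" = "$certpub" ] || return 3
  printf '%s\n' "$cert" | openssl verify -CAfile "$ca" >/dev/null 2>&1 || return 4
  return 0
)

# Demo: the second call passes a file name where the passphrase itself is expected.
d=$(mktemp -d) && make_keyfile "$d" "constructed-passphrase" || exit 1
check_keyfile "$d/serverfile.pem" "constructed-passphrase" "$d/cacert.pem"
echo "actual passphrase: $?"
check_keyfile "$d/serverfile.pem" "password.txt" "$d/cacert.pem"
echo "file name as passphrase: $?"
rm -rf "$d"
```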


