I see that you have cnauto-cert.pem and cnauto-key.pem.  Can you look into 
the files and make sure that the contents are correctly tagged as 
certificate and key?

Maybe also try Protocols="All" for the sslcontext.

I'm not sure what the problem is, but I hope that might help you.

On Monday, June 18, 2012 8:11:18 PM UTC+8, Iuri Sampaio wrote:
>
> Hi there,
>
> After setting up nsopenssl on aolserver I got the following error.
>
>
>
>  SSL connection error 
> Unable to make a secure connection to the server. This may be a problem 
> with the server, or it may be requiring a client authentication certificate 
> that you don't have.
>  Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
>
>
>
> Though, 1) config.tcl is properly set 
>     2) paths and permissions are properly set
>     3) and logs show the libs and certs were loaded successfully
>
>
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: modload: loading 
> '/usr/lib/aolserver4/bin/nssha1.so'
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: modload: loading 
> '/usr/lib/aolserver4/bin/nsopenssl-3.0/nsopenssl.so'
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl: 
> generating 512-bit temporary RSA key ...
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl: 
> generating 1024-bit temporary RSA key ...
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): loading SSL context 'users'
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'users' ciphers loaded successfully
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'users' using SSLv3 protocol
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'users' using TLSv1 protocol
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'users' certificate and key loaded successfully
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'users' CA file loaded successfully
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: users 
> (nsopenssl): session cache is turned on for sslcontext 'cnauto'
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): loading SSL context 'client'
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'client' ciphers loaded successfully
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'client' using SSLv2 protocol
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'client' using SSLv3 protocol
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'client' using TLSv1 protocol
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'client' certificate and key loaded successfully
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): 'client' CA file loaded successfully
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: client 
> (nsopenssl): session cache is turned on for sslcontext 'cnauto'
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): default SSL context for server is users
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: default server 
> SSL context: users
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): default SSL context for client is client
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: default client 
> SSL context: client
> [17/Jun/2012:20:20:45][30618.3074823872][-main-] Notice: nsopenssl 
> (cnauto): loading 'users' SSL driver
> ...
> [17/Jun/2012:20:20:56][30618.3052837744][-nsopenssl:driver-] Notice: 
> starting
> [17/Jun/2012:20:20:56][30618.3052837744][-nsopenssl:driver-] Notice: 
> nsopenssl: listening on 127.0.0.1:8443
> #######
>
>
> I believe the error is related to the 'client'  certificate.  Before I got 
> the error:
>
>
> ########
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): loading SSL context 'client'
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): 'client' ciphers loaded successfully
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): 'client' using SSLv2 protocol
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): 'client' using SSLv3 protocol
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): 'client' using TLSv1 protocol
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Error: nsopenssl 
> (cnauto): 'client' certificate file is not readable or does not exist
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Error: nsopenssl 
> (cnauto): SSL context 'client' left uninitialized
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): default SSL context for server is users
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: default server 
> SSL context: users
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): default SSL context for client is client
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: default client 
> SSL context: client
> [17/Jun/2012:20:00:42][30405.3074971328][-main-] Notice: nsopenssl 
> (cnauto): loading 'users' SSL driver
> #########
>
> Then I changed the 'client' cert's paths within config.tcl to the same as 
> those of users
>  
>
>
> Would that be the issue?
>
> Best wishes,
> Iuri
>
_______________________________________________
aolserver-talk mailing list
aolserver-talk@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/aolserver-talk
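
The tag check suggested in the reply at the top of this thread, as an added example that is not part of the original messages: it reads the PEM armor lines of a certificate file and a key file and reports when the labels are swapped, mismatched or missing. The function names, the label sets (common OpenSSL ones) and the sample blocks are assumptions constructed for illustration; it checks tagging only, not that the key belongs to the certificate.

```python
import base64
import re
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END ([A-Z0-9 ]+)-----", re.DOTALL)
CERT_LABELS = {"CERTIFICATE", "X509 CERTIFICATE"}
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def pem_labels(text):
    """Return the label of each PEM block, validating armor and base64 body."""
    labels = []
    for begin, body, end in PEM_BLOCK.findall(text.replace("\r\n", "\n")):
        if begin != end:
            raise ValueError(f"BEGIN {begin} is closed by END {end}")
        # Traditional encrypted keys carry Proc-Type/DEK-Info headers, then a blank line.
        head, sep, rest = body.partition("\n\n")
        if sep and ":" in head:
            body = rest
        base64.b64decode("".join(body.split()), validate=True)  # raises on junk
        labels.append(begin)
    return labels


def check_pair(cert_text, key_text):
    """Return a list of problems; an empty list means both files are tagged correctly."""
    problems = []
    cert, key = pem_labels(cert_text), pem_labels(key_text)
    if not cert or cert[0] not in CERT_LABELS:
        problems.append(f"certificate file starts with {cert[:1] or 'no PEM block'}")
    if not any(label in KEY_LABELS for label in key):
        problems.append(f"key file holds {key or 'no PEM block'}, not a private key")
    return problems


def sample(label, payload=b"constructed placeholder bytes, not real DER"):
    """Build a constructed PEM block for demonstration only."""
    body = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    # Usage: python check_pem.py cnauto-cert.pem cnauto-key.pem
    texts = [open(p, encoding="ascii", errors="replace").read() for p in sys.argv[1:3]]
    if len(texts) == 2:
        print(check_pair(*texts) or "tags look correct")
```
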