I was getting the same errors and then found that the server.pem needs
to contain both key and certificate.

If you are using a self-signed certificate, the way I was,
you may need to concatenate the serverKey and CACert:

cat ca.cert server.key > server.pem

After adding the certificate to the server.pem things seemed to be
working fine. I still need to check the ethereal traces to verify that
the SSL is working fine. But now I am not getting the "Can't read CA
file and directory" errors. I got the idea of concatenating the key
and certificate after looking into the ssl provided with gsoap. cat is
used in cert.sh script to create the server.pem used later in the ssl
sample.

--- In gsoap@yahoogroups.com, tikcireviva <[EMAIL PROTECTED]> wrote:
>
> Finally fixed the issue:
> 
> I had linked opsec-ssl before linking openssl; after swapping
> these two libs in the makefile, everything works fine now.
> 
> Sorry for this stupid question.
> 
> Kit
> 
> 
> tikcireviva wrote:
> 
> > Hi Guys,
> >
> > I've had an error while working on the SSL on gsoap.
> > My implementation works fine without ssl, but it had a problem while
> > using it.
> >
> > It seems that the openssl can't find the ca cert file, however the path
> > is absolutely correct.
> > Do you guys know any reasons why this doesn't work right?
> >
> > I wonder if there is any environment which I will have to set in my
> > Linux box (fc2).
> >
> > Thanks for helping,
> >
> > Best regards,
> >
> > Kit.
> >
> > This line is printed from stdsoap.cpp
> > soap->cafile:/etc/tmp/cert/ca.crt, soap->capath:(null)
> >
> > --------PRINTOUT-------------
> >
> > call CRYPTO_thread_setup()
> > cert:/etc/tmp/cert/server.pem
> > ca:/etc/tmp/cert/ca.crt
> > soap->cafile:/etc/tmp/cert/ca.crt, soap->capath:(null)
> > Error 23 fault: SOAP-ENV:Server [no subcode]
> > "SSL error"
> > Detail: Can't read CA file and directory
> >
> > --------CODING---------------
> >
> > s = soap_new();
> > if(c->get_enable_ssl())
> > {
> >     cout << "call CRYPTO_thread_setup()" << endl;
> >     if (CRYPTO_thread_setup()) {
> >         fprintf(stderr, "Cannot setup thread mutex\n");
> >         SAFE_XMLRPC_RETURN(s);
> >         return false;
> >     }
> > }
> > soap_init(s);
> > if(c->get_enable_ssl())
> > {
> >     cout << "cert:" << c->get_ssl_local_cert_path() << endl;
> >     cout << "ca:" << c->get_ssl_ca_cert_path() << endl;
> >     if (soap_ssl_client_context(
> >             s,
> >             SOAP_SSL_DEFAULT,
> >             c->get_ssl_local_cert_path().c_str(),
> >             c->get_ssl_local_cert_pass().c_str(),
> >             c->get_ssl_ca_cert_path().c_str(),
> >             NULL,
> >             NULL)) {
> >         // print ... error
> >     }
> > }
> >
> > // do stuffs
> >
> > -------STDSOAP.CPP-----------
> >
> > static int
> > ssl_auth_init(struct soap *soap)
> > { if (!ssl_init_done)
> >     soap_ssl_init();
> >   .....
> >
> >   if (soap->cafile || soap->capath)
> >   { if (!SSL_CTX_load_verify_locations(soap->ctx, soap->cafile, soap->capath))
> >     { printf("soap->cafile:%s, soap->capath:%s\n", soap->cafile, soap->capath);
> >       return soap_set_receiver_error(soap, "SSL error", "Can't read CA file and directory", SOAP_SSL_ERROR);
> >
> >
>
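
A preflight check for the point made in the reply at the top of this thread, that server.pem has to hold both the key and the certificate. This is an added example, not code from the thread or from gSOAP. The function names are hypothetical, the PEM bodies are constructed placeholders, and the check reads PEM block labels only, so it does not prove that the key and certificate belong together.

```sh
# Added example: not code from the thread or from gSOAP.
# pem_has FILE KIND: succeed if FILE holds a PEM block of KIND
# ("key" = any "... PRIVATE KEY" label, "cert" = a certificate label).
pem_has() {
    case "$2" in
        key)  pat='^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' ;;
        cert) pat='^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' ;;
        *)    return 2 ;;
    esac
    grep -Eq -e "$pat" "$1" 2>/dev/null
}

# check_gsoap_pems KEYFILE CAFILE: print one finding per line and
# return 0 only when there are no findings.
check_gsoap_pems() {
    keyfile=$1; cafile=$2; rc=0
    for f in "$keyfile" "$cafile"; do
        [ -r "$f" ] || { echo "unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    pem_has "$keyfile" key  || { echo "no private key in $keyfile"; rc=1; }
    pem_has "$keyfile" cert || { echo "no certificate in $keyfile"; rc=1; }
    pem_has "$cafile" cert  || { echo "no certificate in $cafile"; rc=1; }
    ! pem_has "$cafile" key || { echo "private key in CA file $cafile"; rc=1; }
    return "$rc"
}

# write_constructed_pem FILE LABEL...: append placeholder PEM blocks
# (constructed sample data, not real key material) to FILE.
write_constructed_pem() {
    out=$1; shift
    for label in "$@"; do
        printf '%s\n%s\n%s\n' "-----BEGIN $label-----" \
            "Q09OU1RSVUNURUQ=" "-----END $label-----" >> "$out"
    done
}

# demo: key-only server.pem (one finding), then key plus certificate (none).
demo() {
    d=$(mktemp -d) || return 1
    write_constructed_pem "$d/ca.crt" "CERTIFICATE"
    write_constructed_pem "$d/server.pem" "RSA PRIVATE KEY"
    check_gsoap_pems "$d/server.pem" "$d/ca.crt" || echo "-> fix server.pem"
    write_constructed_pem "$d/server.pem" "CERTIFICATE"
    check_gsoap_pems "$d/server.pem" "$d/ca.crt" && echo "-> ok"
    rm -rf "$d"
}
demo
```

The CA file is the one that gets handed to peers, which is why a private key inside it is reported as a finding.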

