The results of <http://www.google.com/search?q=pkcs1+padding+too+short> suggest this message is caused by a bug in a Debian libssl0.9.8 package. Maybe try upgrading your system libssl.
On 9/7/11 2:27 PM, [email protected] wrote: > all seems to be OK, I start the s_server: > > openssl s_server -accept 7500 -cert /etc/grid-security/hostcert.pem -key > /etc/grid-security/hostkey.pem -CApath /etc/grid-security/certificates/ > -Verify 10 -quiet & > > and execute this: > > openssl s_client -connect DebianLocal.localdomain:7500 -CApath > /etc/grid-security/certificates -cert /etc/grid-security/hostcert.pem -key > /etc/grid-security/hostkey.pem -quiet > > with this output: > > depth=1 > /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] > verify return:1 > depth=0 > /C=CU/L=Boyeros/ST=Habana/O=internet/OU=internet_myproxy/CN=DebianLocal.localdomain/[email protected] > verify return:1 > depth=1 > /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] > verify return:1 > depth=0 > /C=CU/L=Boyeros/ST=Habana/O=internet/OU=internet_myproxy/CN=DebianLocal.localdomain/[email protected] > verify return:1 > > and the standard output stays hanging, at least the output doesn't show > any error. I verify that cert.pem was signed with my CA: > > openssl verify -CApath /etc/grid-security/certificates /tmp/cert.pem > > output: > cert.pem: OK > > > but when I run the s_client ssl command whit cert.pem I received the > following: > > > depth=1 > /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] > verify return:1 > depth=0 > /C=CU/L=Boyeros/ST=Habana/O=internet/OU=internet_myproxy/CN=DebianLocal.localdomain/[email protected] > verify return:1 > depth=1 > /C=CU/L=Boyeros/ST=Habana/O=internet/OU=infraestructura/CN=DebianLocal.localdomain/[email protected] > verify return:1 > depth=0 > /C=CU/L=Boyeros/ST=HavanaCity/O=Desarrollo/OU=Internet_Desarrollo/CN=otro/[email protected] > verify return:1 > 2924:error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too > short:rsa_eay.c:693: > > it's an openssl certificate decrypt "error pkcs1 padding too short", > what's the closest meaning of this message. > > >> I agree it looks like a certificate problem. >> >> I like to use the openssl s_client and s_server commands to check my >> certificate setup. For example: >> >> # openssl s_server -accept 9999 -cert /etc/grid-security/hostcert.pem >> -key /etc/grid-security/hostkey.pem -CApath >> /etc/grid-security/certificates -Verify 10 -quiet >> verify depth is 10, must return a certificate >> depth=1 /C=US/O=National Center for Supercomputing >> Applications/OU=Certificate Authorities/CN=CACL >> verify return:1 >> depth=0 /C=US/O=National Center for Supercomputing >> Applications/OU=People/CN=Jim Basney >> verify return:1 >> >> $ openssl s_client -connect localhost:9999 -CApath >> /etc/grid-security/certificates -cert ~/.globus/usercert.pem -key >> ~/.globus/userkey.pem -quiet >> Enter pass phrase for /Users/jbasney/.globus/userkey.pem: >> depth=1 /C=US/O=National Center for Supercomputing >> Applications/OU=Certificate Authorities/CN=CACL >> verify return:1 >> depth=0 /C=US/O=National Center for Supercomputing >> Applications/OU=Services/CN=example.edu >> verify return:1 >> >> Maybe you can use these openssl commands to identify the certificate >> problem in your setup. >> >> On 9/7/11 10:08 AM, [email protected] wrote: >>> the error shown is: >>> >>> Error authenticating client: GSS Major Status: Authentication Failed GSS >>> Minor Status Error Chain: globus_gsi_gssapi: SSLv3 handshake problems >>> globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake >>> OpenSSL Error: rsa_eay.c:693: in library: rsa routines, function >>> RSA_EAY_PUBLIC_DECRYPT: pkcs1 padding too short OpenSSL Error: >>> rsa_eay.c:693: in library: rsa routines, function >>> RSA_EAY_PUBLIC_DECRYPT: >>> pkcs1 padding too short >>> >>> it appears to be a decryption problem with the certificate cert.pem >>> >>>> On 9/7/11 8:52 AM, [email protected] wrote: >>>>> I wonder if this error ( "Error authenticating: Connection closed." ) >>>>> is >>>>> an authentication problem, some PAM issue with myproxy, or everything >>>>> is >>>>> the /etc/grid-security/certificates directory. >>>> >>>> To answer this question, check your myproxy-server logs: >>>> >>>> http://grid.ncsa.illinois.edu/myproxy/troubleshooting.html >>>> >>>> ____________________________________________________________________________________ >>>> Ein tolles Angebot. Waxing in Deiner Stadt bis -70%. Jetzt! >>>> http://click.lavabit.com/h6p8e7memuaifbw61bw33t6gw39nzk8nt4c61gi646n5iehhha3b/ >>>> ____________________________________________________________________________________ >>>> >> >> ____________________________________________________________________________________ >> Delivering best night jobs results. Get better, different Relevant results >> fast ! >> Searching the best of night jobs online. >> http://click.lavabit.com/7dd3a6gmg8qmge5otayy4jwra49jo8sb6jfzap4ogaidgthpkgky/ >> ____________________________________________________________________________________ >> > > >
