Re: [twsocket] SSL: error reading key file
Graham Stratford wrote: > Astonishingly (well, to me anyway) I was able to sort out the > problems with my client and server apps. I had copied code from the > OverbyteIcsWebserv demo, and in one place I left in the cast to > TMyHttpClient (or something like that). If I can give any tips to the > group, it's to use TICSLogger and enable logging on ALL messages. > > Slightly different but also maybe helpful to others, I had a service > that instantiated an Interface in the Execute method. Then my socket > code complained that it was trying to use an Interface that had been > marshalled for a different thread. It turns out that the Execute > method IS in a different method from my ICS datareceived event. I > check to see if the Interface variable has been assigned in my > datareceived event, and if not, I instantiate it there. > > At least, that got the app working for me. > > Thanks, Arno, for your wonderful assistance. You are wellcome. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL: error reading key file
Astonishingly (well, to me anyway) I was able to sort out the problems with my client and server apps. I had copied code from the OverbyteIcsWebserv demo, and in one place I left in the cast to TMyHttpClient (or something like that). If I can give any tips to the group, it's to use TICSLogger and enable logging on ALL messages. Slightly different but also maybe helpful to others, I had a service that instantiated an Interface in the Execute method. Then my socket code complained that it was trying to use an Interface that had been marshalled for a different thread. It turns out that the Execute method IS in a different method from my ICS datareceived event. I check to see if the Interface variable has been assigned in my datareceived event, and if not, I instantiate it there. At least, that got the app working for me. Thanks, Arno, for your wonderful assistance. This was my first time venturing into the world of SSL, and you made it easier and less frightening. Graham -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL: error reading key file
Thanks, Arno, I really REALLY appreciate your help. When I get back to my office, I will compare the demo and my app byte by byte (I've already gone through them; it doesn't help that the demo sets a lot of properties at run time). I know that I'm close, there's probably just an event that is no longer connected to an object, or something like that. Graham On 2010-08-24, at 9:31 AM, Arno Garrels wrote: > > Compare your settings with the settings in OverbyteIcsWebserv demo, > the difference was most likely the answer to your question, provided > both browsers work as expected against the demo and OpenSSL DLLs are > the same. > > -- > Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL: error reading key file
gra...@stillbrook.org wrote: > Now my browser (Chrome) is complaining: > > Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. > > while Firefox says: > > The connection to localhost was interrupted while the page was > loading. > > The last part of the ICSLog file is: > > 08:38:10:366 00817E70 BIO_ctrl_get_read_request(nbio) = 64 [338] > 08:38:10:366 00817E70 Winsock recv( 216, 0x166DC48, 64, 0) = 64 > [339] 08:38:10:366 00817E70 BIO_write(nbio, 0x166DC48, 64) = 64 > [340] 08:38:10:366 00817E70 BIO_ctrl(nbio, BIO_CTRL_FLUSH, 0, 0x0) = > 1 [341] 08:38:10:366 ICB> SSL_accept: SSLv3 read finished A > 08:38:10:366 ICB> SSL_accept: SSLv3 write change cipher spec A > 08:38:10:366 ICB> SSL_accept: SSLv3 write finished A > 08:38:10:366 ICB> SSL_accept: SSLv3 flush data > 08:38:10:366 NSCB> New session created > 08:38:10:367 ICB> SSL_CB_HANDSHAKE_DONE Error: 0 > 08:38:10:367 00817E70 BIO_read(sslbio, 0x1, 0) = -1 [342] > 08:38:10:367 00817E70 BIO_should_retry(sslbio) = 1 [343] > 08:38:10:367 00817E70 BIO_ctrl_pending(sslbio) = 0 [344] > 08:38:10:367 00817E70 TriggerEvents 216 SslState: SSL_ST_OK // > MayFD_Read=0 MayDoRecv=-1 MayFD_Write=-1 MaySslTryToSend=-1 > bSslAllSent=0 bAllSent=-1 > 08:38:10:367 00817E70 SslHandshakeDone(0) 216. Secure connection with > SSLv3, cipher AES256-SHA, 256 secret bits (256 total), session > reused=False > 08:38:10:367 00817E70 ResetSslSession 216 > > Which looks to me like a successful connection. What should I be > looking for? And where? Compare your settings with the settings in OverbyteIcsWebserv demo, the difference was most likely the answer to your question, provided both browsers work as expected against the demo and OpenSSL DLLs are the same. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL: error reading key file
Thanks Arno, So the password is the same thing as the SelPassPhrase? Okay, I'll try it out. [later] Yes, that seems to work. I no longer get that error. Now my browser (Chrome) is complaining: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. while Firefox says: The connection to localhost was interrupted while the page was loading. The last part of the ICSLog file is: 08:38:10:366 00817E70 BIO_ctrl_get_read_request(nbio) = 64 [338] 08:38:10:366 00817E70 Winsock recv( 216, 0x166DC48, 64, 0) = 64 [339] 08:38:10:366 00817E70 BIO_write(nbio, 0x166DC48, 64) = 64 [340] 08:38:10:366 00817E70 BIO_ctrl(nbio, BIO_CTRL_FLUSH, 0, 0x0) = 1 [341] 08:38:10:366 ICB> SSL_accept: SSLv3 read finished A 08:38:10:366 ICB> SSL_accept: SSLv3 write change cipher spec A 08:38:10:366 ICB> SSL_accept: SSLv3 write finished A 08:38:10:366 ICB> SSL_accept: SSLv3 flush data 08:38:10:366 NSCB> New session created 08:38:10:367 ICB> SSL_CB_HANDSHAKE_DONE Error: 0 08:38:10:367 00817E70 BIO_read(sslbio, 0x1, 0) = -1 [342] 08:38:10:367 00817E70 BIO_should_retry(sslbio) = 1 [343] 08:38:10:367 00817E70 BIO_ctrl_pending(sslbio) = 0 [344] 08:38:10:367 00817E70 TriggerEvents 216 SslState: SSL_ST_OK // MayFD_Read=0 MayDoRecv=-1 MayFD_Write=-1 MaySslTryToSend=-1 bSslAllSent=0 bAllSent=-1 08:38:10:367 00817E70 SslHandshakeDone(0) 216. Secure connection with SSLv3, cipher AES256-SHA, 256 secret bits (256 total), session reused=False 08:38:10:367 00817E70 ResetSslSession 216 Which looks to me like a successful connection. What should I be looking for? And where? Graham > gra...@stillbrook.org wrote: >> I am building an application based on the OverbyteIcsSslWebServer. I >> can build and run the demo app just fine, but when I try to connect >> to my web server, I get an error: >> >> 20:00:53:579 SSLWebserver started >> 20:01:05:806 007C9810 Do_FD_ACCEPT 484 >> 20:01:05:806 0078C5C0 Dup accepting accepted socket = 524 >> 20:01:05:806 0078C5C0 DupConnected >> 20:01:05:806 0078C5C0 AcceptSslHandshake 524 >> 20:01:05:810 error:0906A068:PEM routines:PEM_do_header:bad password >> read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib >> 20:01:05:810 0078C5C0 Fatal error SSL handshake 524 >> ESslContextException: Can't load private key file "c:\01key.pem" >> >> This 01key.pem is the same one that the demo application uses. Can >> anyone help me figure out why a different app can't read it? I'm >> tearing my hair out over this, and falling behind on a deadline. > > I guess property TSslContext.SslPassPhrase is not assigned / empty. > > -- > Arno Garrels > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL: error reading key file
gra...@stillbrook.org wrote: > I am building an application based on the OverbyteIcsSslWebServer. I > can build and run the demo app just fine, but when I try to connect > to my web server, I get an error: > > 20:00:53:579 SSLWebserver started > 20:01:05:806 007C9810 Do_FD_ACCEPT 484 > 20:01:05:806 0078C5C0 Dup accepting accepted socket = 524 > 20:01:05:806 0078C5C0 DupConnected > 20:01:05:806 0078C5C0 AcceptSslHandshake 524 > 20:01:05:810 error:0906A068:PEM routines:PEM_do_header:bad password > read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib > 20:01:05:810 0078C5C0 Fatal error SSL handshake 524 > ESslContextException: Can't load private key file "c:\01key.pem" > > This 01key.pem is the same one that the demo application uses. Can > anyone help me figure out why a different app can't read it? I'm > tearing my hair out over this, and falling behind on a deadline. I guess property TSslContext.SslPassPhrase is not assigned / empty. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] SSL: error reading key file
I am building an application based on the OverbyteIcsSslWebServer. I can build and run the demo app just fine, but when I try to connect to my web server, I get an error: 20:00:53:579 SSLWebserver started 20:01:05:806 007C9810 Do_FD_ACCEPT 484 20:01:05:806 0078C5C0 Dup accepting accepted socket = 524 20:01:05:806 0078C5C0 DupConnected 20:01:05:806 0078C5C0 AcceptSslHandshake 524 20:01:05:810 error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib 20:01:05:810 0078C5C0 Fatal error SSL handshake 524 ESslContextException: Can't load private key file "c:\01key.pem" This 01key.pem is the same one that the demo application uses. Can anyone help me figure out why a different app can't read it? I'm tearing my hair out over this, and falling behind on a deadline. Thanks for any suggestions, Graham -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
