Can someone take a look at the attached PEM file and transcripts from the
client and server and tell me if there's something obvious that I've
overlooked?
I built the openssl-0.9.4 libraries with the -DNO_RSA option on hpux11. I
used the openssl utility to create a DSA-based CA, from which I generated
and signed a cert. I also generated DH parameters. I cat'ed the DH
parameters, DSA cert and DSA private key into the attached PEM file. I used
this PEM file with the s_server and s_client utilities and I was able to
establish a connection successfully.
Next, I generated shared libraries from the static libraries for use by a
third party tool that puts object wrappers around the libraries for use in a
secure CORBA environment. When I attempt a CORBA request from the client,
it appears to enter the SSL logic correctly, but the connect fails.
I've also attached a copy of the printout of the server's context structure,
in case there are any clues there. Some of the large numbers in the
structure represent pointers to subordinate structures that were not defined
for printout.
Thanks in advance for any help,
Ed Trembicki-Guy
server.pem
StbSSLeayContext(40D38910) {
method StbSSLeayMethod(7F553598) {
version 768
newFunction 2136284290
clearFunction 2136284298
freeFunction 2136283410
acceptFunction 2136284650
connectFunction 2136284514
readFunction 2136283842
peekFunction 2136284546
writeFunction 2136284554
shutdownFunction 2136284562
renegotiateFunction 2136283850
renegotiateCheckFunction 2136283826
ctrlFunction 2136284426
ctxCtrlFunction 2136284434
getCipherByCharFunction 2136283458
putCipherByCharFunction 2136283898
pendingFunction 2136284570
numCiphersFunction 2136283442
getCipherFunction 2136283450
getMethodFunction 2136284658
getTimeoutFunction 2136284578
ssl3Enc 2136285992
versionFunction 0
}
options 0
mode 0
cipherList StbSSLeayCipherStack(40D38C10) [
StbSSLeayCipher(EDH-DSS-DES-CBC3-SHA)
StbSSLeayCipher(EDH-DSS-DES-CBC-SHA)
StbSSLeayCipher(ADH-DES-CBC3-SHA)
StbSSLeayCipher(ADH-RC4-MD5)
StbSSLeayCipher(ADH-DES-CBC-SHA)
StbSSLeayCipher(EXP-ADH-RC4-MD5)
StbSSLeayCipher(EXP-ADH-DES-CBC-SHA)
]
cipherListById StbSSLeayCipherStack(40D39088) [
StbSSLeayCipher(EDH-DSS-DES-CBC-SHA)
StbSSLeayCipher(EDH-DSS-DES-CBC3-SHA)
StbSSLeayCipher(EXP-ADH-RC4-MD5)
StbSSLeayCipher(ADH-RC4-MD5)
StbSSLeayCipher(EXP-ADH-DES-CBC-SHA)
StbSSLeayCipher(ADH-DES-CBC-SHA)
StbSSLeayCipher(ADH-DES-CBC3-SHA)
]
certStore StbSSLeayX509Store(40D38AF8) {
cache 1
certs StbSSLeayX509HashList(40D38B28)
getCertMethods StbSSLeayX509LookupStack(40D38BD8)
verify 0
verifyCb 0
exData [
1087605516
1087605520
]
references 1
depth 0
}
sessions 1087605320
sessionCacheSize 20480
sessionCacheHead 0
sessionCacheTail 0
sessionCacheMode 2
sessionTimeout 7200
newSessionCb 0
removeSessionCb 0
getSessionCb 0
sessConnect 0
sessConnectRenegotiate 0
sessConnectGood 0
sessAccept 6
sessAcceptRenegotiate 0
sessAcceptGood 0
sessMiss 0
sessTimeout 0
sessCacheFull 0
sessHit 0
sessCbHit 0
references 7
infoCallback a StbSSLeayCallbackObject
appVerifyCallback nil
appVerifyArg 0
defaultCert StbSSLeayCert(40D389F8) {
key StbSSLeayCertPKey(40D38A20) {
x509 StbSSLeayX509(40D38DD0)Certificate {
toBeSigned
Certificate-ToBeSigned {
version [0] 2
serialNumber 1
signature #(1 2 840
10040 4 3)(#[5 0])
issuer (
id-at-countryName('US');
id-at-stateOrProvinceName('New Jersey');
id-at-localityName('Dover');
id-at-organizationName('Edwardian Security');
id-at-organizationalUnitName('Certificate Issuance');
id-at-commonName('Edward B. Trembicki-Guy');
AVA('[EMAIL PROTECTED]');
)
validity Validity {
notBefore #[57
57 49 48 48 55 49 56 48 48 49 55 90]
notAfter #[48
48 49 48 48 54 49 56 48 48 49 55 90]
}
subject (
id-at-countryName('US');
id-at-stateOrProvinceName('New Jersey');
id-at-localityName('Parsippany');
id-at-organizationName('Dun & Bradstreet');
id-at-organizationalUnitName('IWS');
id-at-commonName('Ed Trembicki-Guy');
AVA('[EMAIL PROTECTED]');
)
subjectPublicKeyInfo
SubjectPublicKeyInfo {
algorithm #(1
2 840 10040 4 1)(#[48 130 1 30 2 129 129 0 134 249 185 87 12 192 132 210 135 242 133 1
49 203 247 243 94 206 183 234 231 122 96 233 82 20 211 236 233 193 252 176 6 93 128
220 210 151 220 182 108 244...(more)...])
subjectPublicKey #[2 129 128 25 75 34 236 59 112 130 175 86 203 24 251 119 236 127 243
95 78 221 18 28 254 143 139 207 140 173 132 112 116 58 95 157 14 232 91 6 85 103 184
175 60 34 179 129 226 36...(more)...]
}
issuerUniqueID
subjectUniqueID
extensions [3]
Extensions {
Extension {
extnId #(2 5 29 19)
extnCriticality #FALSE
extnValue #[48 0]
}
Extension {
extnId #(2 16 840 1 113730 1 13)
extnCriticality #FALSE
extnValue #[22 29 79 112 101 110 83 83 76 32 71 101 110 101 114 97 116 101 100 32 67
101 114 116 105 102 105 99 97 116 101]
}
Extension {
extnId #(2 5 29 14)
extnCriticality #FALSE
extnValue #[4 20 175 208 86 44 43 90 69 244 86 94 95 120 236 134 196 252 131 148 191
250]
}
Extension {
extnId #(2 5 29 35)
extnCriticality #FALSE
extnValue #[48 129 219 128 20 204 202 42 141 172 39 29 49 55 67 177 109 122 31 214
132 185 37 157 241 161 129 191 164 129 188 48 129 185 49 11 48 9 6 3 85 4 6 19 2 85 83
49 19 48...(more)...]
}
}
}
algorithmIdentifier #(1 2 840
10040 4 3)(#[5 0])
encrypted #[48 45 2 20 8 93
124 65 3 45 86 96 61 228 122 118 117 253 114 198 35 255 34 200 2 21 0 128 16 74 254 59
71 39 52 18 25 2 22 244 157 210 156 22 30 194 238]
}
privateKey StbSSLeayPKey(40D38CC8) {
type 116
saveType 116
references 7
pkey 1087605992
saveParameters 1
attributes 0
}
}
valid 0
mask 0
exportMask 0
dhTemp StbSSLeayDH(40D62208) {
pad 0
version 0
p 1087775776
g 1087775632
length 0
pubKey 1087775504
privKey 1087775472
flags 1
methodMontP 1087775536
}
dhTempCb 0
pkeys [
StbSSLeayCertPKey(40D38A10) {
x509 StbExternalNull(0)
privateKey StbExternalNull(0)
}
StbSSLeayCertPKey(40D38A18) {
x509 StbExternalNull(0)
privateKey StbExternalNull(0)
}
StbSSLeayCertPKey(40D38A20) {
x509 StbSSLeayX509(40D38DD0)Certificate {
toBeSigned
Certificate-ToBeSigned {
version [0] 2
serialNumber 1
signature #(1 2 840
10040 4 3)(#[5 0])
issuer (
id-at-countryName('US');
id-at-stateOrProvinceName('New Jersey');
id-at-localityName('Dover');
id-at-organizationName('Edwardian Security');
id-at-organizationalUnitName('Certificate Issuance');
id-at-commonName('Edward B. Trembicki-Guy');
AVA('[EMAIL PROTECTED]');
)
validity Validity {
notBefore #[57
57 49 48 48 55 49 56 48 48 49 55 90]
notAfter #[48
48 49 48 48 54 49 56 48 48 49 55 90]
}
subject (
id-at-countryName('US');
id-at-stateOrProvinceName('New Jersey');
id-at-localityName('Parsippany');
id-at-organizationName('Dun & Bradstreet');
id-at-organizationalUnitName('IWS');
id-at-commonName('Ed Trembicki-Guy');
AVA('[EMAIL PROTECTED]');
)
subjectPublicKeyInfo
SubjectPublicKeyInfo {
algorithm #(1
2 840 10040 4 1)(#[48 130 1 30 2 129 129 0 134 249 185 87 12 192 132 210 135 242 133 1
49 203 247 243 94 206 183 234 231 122 96 233 82 20 211 236 233 193 252 176 6 93 128
220 210 151 220 182 108 244...(more)...])
subjectPublicKey #[2 129 128 25 75 34 236 59 112 130 175 86 203 24 251 119 236 127 243
95 78 221 18 28 254 143 139 207 140 173 132 112 116 58 95 157 14 232 91 6 85 103 184
175 60 34 179 129 226 36...(more)...]
}
issuerUniqueID
subjectUniqueID
extensions [3]
Extensions {
Extension {
extnId #(2 5 29 19)
extnCriticality #FALSE
extnValue #[48 0]
}
Extension {
extnId #(2 16 840 1 113730 1 13)
extnCriticality #FALSE
extnValue #[22 29 79 112 101 110 83 83 76 32 71 101 110 101 114 97 116 101 100 32 67
101 114 116 105 102 105 99 97 116 101]
}
Extension {
extnId #(2 5 29 14)
extnCriticality #FALSE
extnValue #[4 20 175 208 86 44 43 90 69 244 86 94 95 120 236 134 196 252 131 148 191
250]
}
Extension {
extnId #(2 5 29 35)
extnCriticality #FALSE
extnValue #[48 129 219 128 20 204 202 42 141 172 39 29 49 55 67 177 109 122 31 214
132 185 37 157 241 161 129 191 164 129 188 48 129 185 49 11 48 9 6 3 85 4 6 19 2 85 83
49 19 48...(more)...]
}
}
}
algorithmIdentifier #(1 2 840
10040 4 3)(#[5 0])
encrypted #[48 45 2 20 8 93
124 65 3 45 86 96 61 228 122 118 117 253 114 198 35 255 34 200 2 21 0 128 16 74 254 59
71 39 52 18 25 2 22 244 157 210 156 22 30 194 238]
}
privateKey StbSSLeayPKey(40D38CC8) {
type 116
saveType 116
references 7
pkey 1087605992
saveParameters 1
attributes 0
}
}
StbSSLeayCertPKey(40D38A28) {
x509 StbExternalNull(0)
privateKey StbExternalNull(0)
}
StbSSLeayCertPKey(40D38A30) {
x509 StbExternalNull(0)
privateKey StbExternalNull(0)
}
]
references 1
}
defaultReadAhead 0
defaultVerifyMode 0
defaultVerifyDepth -1
defaultSidContextLength 0
defaultSidContext [
1087605148
1087605149
1087605150
1087605151
1087605152
1087605153
1087605154
1087605155
1087605156
1087605157
1087605158
1087605159
1087605160
1087605161
1087605162
1087605163
1087605164
1087605165
1087605166
1087605167
1087605168
1087605169
1087605170
1087605171
1087605172
1087605173
1087605174
1087605175
1087605176
1087605177
1087605178
1087605179
]
defaultVerifyCallback 0
defaultPasswdCallback nil
defaultPasswdCallbackUserData 0
clientCertCb 0
clientCA StbSSLeayX509NameStack(40D38C30)
quietShutdown 0
exData [
1087605204
1087605208
]
rsaMd5 2136262632
md5 2136262632
sha1 2136262952
extraCerts 0
compMethods 0
}
October 12, 1999 5:07:39 pm IIOP Server connection to hp61.us.dbisna.com:2439
starting...
unsigned long SSL_new(unsigned long) a Message with selector: #newConnection and
arguments: #()
long SSL_set_fd(unsigned long, long) a Message with selector: #setFileDescriptor: and
arguments: #(11)
long SSL_accept(unsigned long) a Message with selector: #accept and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
SSL Accept Error: -1
long SSL_shutdown(unsigned long) a Message with selector: #shutdown and arguments: #()
Failed Connection Attempt
SSL: 0 24576 HANDSHAKE_START
SSL: ACCEPT 24576 ACCEPT_LOOP
SSL: ACCEPT SSL3_SR_CLNT_HELLO_A ACCEPT_LOOP
SSL: ACCEPT SSL3_SW_SRVR_HELLO_A ACCEPT_LOOP
SSL: ACCEPT SSL3_SW_CERT_A ACCEPT_LOOP
SSL: ACCEPT SSL3_SW_KEY_EXCH_A ACCEPT_LOOP
SSL: ACCEPT SSL3_SW_SRVR_DONE_A ACCEPT_LOOP
SSL: ACCEPT SSL3_SW_FLUSH ACCEPT_EXIT
October 12, 1999 5:08:09 pm
aServerToIIOP('hp61.us.dbisna.com':2439)StbServerTransportConnection>>readerBlock
error: COMM_FAILURE
October 12, 1999 5:08:09 pm IIOP Server connection to hp61.us.dbisna.com:2439 shutting
down...
unsigned long SSL_new(unsigned long) a Message with selector: #newConnection and
arguments: #()
long SSL_set_fd(unsigned long, long) a Message with selector: #setFileDescriptor: and
arguments: #(10)
long SSL_connect(unsigned long) a Message with selector: #connect and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
type a Message with selector: #type and arguments: #()
state a Message with selector: #state and arguments: #()
long SSL_shutdown(unsigned long) a Message with selector: #shutdown and arguments: #()
Connect Error: -1
SSL: 0 20480 HANDSHAKE_START
SSL: CONNECT 20480 CONNECT_LOOP
SSL: CONNECT SSL3_CW_CLNT_HELLO_A CONNECT_LOOP
SSL: CONNECT SSL3_CR_SRVR_HELLO_A CONNECT_EXIT