On Fri, Jul 18, 2003, Michiels Olivier wrote:

> Hi,
> I'm trying to have a client and a server communicate through an SSL
> connection. I've created a client certificate and a server certificate.
> They both use openssl but the server sets an ENGINE which I've developed
> myself. I've had to develop it to load private keys from my nCipher.
> When I'm using s_client and s_server with the certificates and keys I've
> created earlier everything works perfectly but when I'm trying to
> connect the s_client to my server I receive this error:
> ERR_error_string: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption
> failed or bad record mac.
> When I'm debugging the code, it appears that the function
> RSA_eay_private_decrypt is unable to decrypt the server private key
> during the call of RSA_padding_check_PKCS1_type_2 function.
>
> Is it possible that my ENGINE interferes during the decryption of the
> server private key? I've put logging messages on my ENGINE and it seems
> that nothing happened in it.
>
> What could be my problem?
>
It looks like the RSA decryption of the SSL premaster secret is failing.

I suggest you try the ENGINE out with something like rsautl and possibly log
the data before and after RSA encrypt client side then see if the ENGINE can
decrypt it properly.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
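
The check suggested in the reply, written out as an added example that is not part of the original thread: encrypt a 48-byte test blob with the public key using rsautl, log it before and after encryption, then decrypt it either in software or through the ENGINE and compare. The ENGINE id, key reference and file names are hypothetical placeholders, and the test blob and baseline key pair are constructed on the fly.

```shell
#!/bin/sh
# Added example: RSA PKCS#1 v1.5 round trip of a 48-byte blob (the size of an
# SSL premaster secret), logging the data before and after encryption.
# Usage (ENGINE id, key reference and PEM path are hypothetical placeholders):
#   rsa_roundtrip                               # software-only baseline
#   rsa_roundtrip my_engine my_key_id pub.pem   # decrypt through the ENGINE
# pub.pem can be taken from the server certificate with:
#   openssl x509 -in server.crt -pubkey -noout > pub.pem
# Returns 0 if the decrypted blob matches, 1 if not, 2 on a setup error.
rsa_roundtrip() {
    engine_id="${1:-}"; key_ref="${2:-}"; pub_pem="${3:-}"
    work=$(mktemp -d) || return 2
    rc=0
    if [ -z "$engine_id" ]; then
        # Constructed throwaway key pair for the baseline run.
        key_ref="$work/key.pem"; pub_pem="$work/pub.pem"
        openssl genrsa -out "$key_ref" 2048 2>/dev/null &&
        openssl rsa -in "$key_ref" -pubout -out "$pub_pem" 2>/dev/null || rc=2
    fi
    # Constructed test data standing in for the premaster secret.
    [ "$rc" -eq 0 ] && { openssl rand -out "$work/pms.bin" 48 || rc=2; }
    # Client side: encrypt with the public key (PKCS#1 v1.5 is the default).
    [ "$rc" -eq 0 ] && { openssl rsautl -encrypt -pubin -inkey "$pub_pem" \
        -in "$work/pms.bin" -out "$work/enc.bin" 2>/dev/null || rc=2; }
    if [ "$rc" -eq 0 ]; then
        echo "plaintext:"  >&2; od -An -tx1 "$work/pms.bin" >&2
        echo "ciphertext:" >&2; od -An -tx1 "$work/enc.bin" >&2
        # Server side: decrypt with the private key, via the ENGINE if given.
        if [ -n "$engine_id" ]; then
            openssl rsautl -decrypt -engine "$engine_id" -keyform engine \
                -inkey "$key_ref" -in "$work/enc.bin" -out "$work/dec.bin" || rc=1
        else
            openssl rsautl -decrypt -inkey "$key_ref" \
                -in "$work/enc.bin" -out "$work/dec.bin" 2>/dev/null || rc=1
        fi
        [ "$rc" -eq 0 ] && { cmp -s "$work/pms.bin" "$work/dec.bin" || rc=1; }
    fi
    rm -rf "$work"
    return "$rc"
}
```

If the software baseline returns 0 and the ENGINE run returns 1 for the same certificate's public key, the fault is isolated to the ENGINE's private-key operation or to the key it loads, rather than to the SSL layer.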