Hi, thanks for the response.

Sorry to post something this convoluted to the group, but I need help and Kyle asked for more info - he may now regret that! Here is a bit more detail:

I currently have a GUI executable which calls functions and operations on a DLL. What the DLL actually does is immaterial. My task is to make the DLL run as a Windows service, and allow the GUI to communicate with it using SOAP (the gSOAP toolkit is being used for this). With this in mind, I have created an executable wrapper for the DLL, and made it a SOAP service. My GUI executable has been turned into a SOAP client, so now the GUI SOAP client uses SOAP remote procedure calls to get the server to do stuff. Hope you followed that!

The new client server layout works just fine - the SOAP messaging works, and the client interacts with the server with no problems via the medium of SOAP messaging. However, this breaks when I turn on the SSL stuff which gSOAP supports using OpenSSL. gSOAP apparently makes this nice and easy - you have a client and a server method which you pass the certificate names to, along with the certificate store, key passwords, dh file etc.

For testing purposes I run both the client and server on the same machine, and using OpenSSL command line tools I have generated a root CA, and used this to sign a server certificate and client certificate (PEM format). Now, I don't get any errors at all from the certificates - at first when I did this I got key errors and hostname mismatch errors, but now nothing, so I believe I generated the certs properly. However, when the client sends the SOAP message to the server via https and the SOAP deserialiser parses it, it is still garbage. The gSOAP toolkit provides sent and received log files at both ends - the client sent file contains a valid SOAP message, the server received file contains a load of junk (i.e. the encrypted SOAP message).

What I am really asking for is this - I generate the certificates as stated then concatenate the server key to the server cert, and likewise for the client key and cert. These concatenated PEM files are then used as the certificates at both ends.
When I do this, the encryption seems to work but decryption does not. Do you have any idea of what this could be, as I am lost!

From what I can see, I think I'm getting confused over what the server actually wants when it says a certificate - if I have generated a server certificate and key, is that what it is expecting? I know I'm presupposing a lot of knowledge of gSOAP, but I don't think it's gSOAP specific - that's just one method call where I tell it where to find the certificate.

Still a confusing explanation I know, but it's a confusing problem! Hope this helps a little, many thanks in advance for anyone who trawled through all this!

Lee Colclough

-----Original Message-----
[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
Subject: Re: Decryption question

I'm not entirely certain what you're looking at.

The server that hosts the SOAP service must be accessed using TLS or SSL; this means that the certificate and key need to be available to the server hosting the service, not (necessarily) the client. (XML encryption isn't done yet, according to the docs I'm reading.)

The idea behind SSL and TLS is this: SSL/TLS provide you what is essentially a socket that you can read from and write to, the same way you normally would. This socket passes information through in such a way that what is sent is what is read, both ways. The encryption is handled almost transparently to your application.

If you're getting garbage at the server end, then you have an issue with the code that's generating the garbage, not necessarily TLS/SSL.

If I'm missing something, please let me know. Your report wasn't very helpful in figuring out what you're doing or how you're doing it. Your server is gSOAP. What's your client? How are they configured [to the extent that they use encryption]?

-Kyle H

On 2/8/06, Lee Colclough <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I have created a CA certificate and used it to sign a server and client
> certificate for my client / server apps.
> All the certificate validation
> seems fine, and the data I send out (it's a SOAP message) appears to have
> been encrypted properly, but it's not being decrypted at the other end.
>
> I'm on a WinXP system, and I have concatenated the key and cert files
> together in PEM format as instructed. The error message I get is invalid
> SOAP message, because when I look at the message received by the server,
> it's still encrypted.
>
> If anyone has any knowledge of using OpenSSL within gSoap and can help, I
> can provide more specific detail.
>
> Any ideas appreciated,
>
> Lee Colclough
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
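
The thread turns on whether the "junk" in the server's received log is a TLS stream that reached the SOAP parser unprocessed; the first few bytes of that log are enough to tell. The following is an added example, not code from the thread, gSOAP or OpenSSL: the function name `classify_received` and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added diagnostic example: classify the first bytes of a "received" log. */
enum wire_kind { WIRE_UNKNOWN, WIRE_PLAINTEXT, WIRE_TLS_RECORD, WIRE_SSLV2_HELLO };

static int starts_with(const unsigned char *buf, size_t len, const char *s)
{
    size_t n = strlen(s);
    return len >= n && memcmp(buf, s, n) == 0;
}

enum wire_kind classify_received(const unsigned char *buf, size_t len)
{
    /* What a SOAP parser expects once TLS has been removed: HTTP or XML. */
    if (starts_with(buf, len, "POST ") || starts_with(buf, len, "GET ") ||
        starts_with(buf, len, "HTTP/") || starts_with(buf, len, "<?xml"))
        return WIRE_PLAINTEXT;

    /* TLS/SSLv3 record header: type(1) major(1) minor(1) length(2).
     * Types 20..23: change_cipher_spec, alert, handshake, application_data. */
    if (len >= 5 && buf[0] >= 20 && buf[0] <= 23 && buf[1] == 3 && buf[2] <= 4) {
        size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
        if (rec_len > 0 && rec_len <= 16384 + 2048)
            return WIRE_TLS_RECORD;
    }

    /* SSLv2-compatible ClientHello: 2-byte length with the high bit set,
     * message type 1, then the offered version (3.x, or 0.2 for SSLv2). */
    if (len >= 5 && (buf[0] & 0x80) && buf[2] == 1 &&
        (buf[3] == 3 || (buf[3] == 0 && buf[4] == 2)))
        return WIRE_SSLV2_HELLO;

    return WIRE_UNKNOWN;
}

/* Constructed sample inputs, not captured from the thread. */
static const unsigned char sample_tls_hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b };
static const unsigned char sample_v2_hello[] = { 0x80, 0x2e, 0x01, 0x03, 0x01, 0x00, 0x15 };
static const char sample_soap[] = "POST /service HTTP/1.1\r\nContent-Type: text/xml\r\n\r\n<?xml version=\"1.0\"?>";

int main(void)
{
    printf("tls hello -> %d\n", classify_received(sample_tls_hello, sizeof sample_tls_hello));
    printf("v2 hello  -> %d\n", classify_received(sample_v2_hello, sizeof sample_v2_hello));
    printf("soap/http -> %d\n", classify_received((const unsigned char *)sample_soap, sizeof sample_soap - 1));
    return 0;
}
```

If the start of the server's received log classifies as a TLS record or an SSLv2 hello, that points to the server reading the raw socket without a TLS handshake having been run on that connection, rather than to a problem with the certificates.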