Re: with Cavium Engine, hitting unable-to-get-issuer-cert-locally

Fri, 12 Jan 2007 17:27:40 -0800 

Following is a summary of some more observations related to this, for your
refence:

Case-1: No engine used, both at s_client and s_server side
  In this case, the programs are working fine, and the client and server
are able to send messages.

Case-2: s_client with cavium engine, and s_server default (the case
mentioned in the earlier email)
  In this case, i am getting the following messages.
  At s_client side:
       engine "cavium" set.
       CONNECTED(00000004)
       depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert
(512 bit)
       verify error:num=20:unable to get local issuer certificate
       verify return:1
       depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert
(512 bit)
       verify error:num=27:certificate not trusted
       verify return:1
       depth=0 /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert
(512 bit)
       verify error:num=21:unable to verify the first certificate
       verify return:1
       12054:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad
signature:s3_clnt.c:1357:
   At s_server side:
       Using default temp DH parameters
       Using default temp ECDH parameters
       ACCEPT
       ERROR
       12053:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert
decrypt error:s3_pkt.c:1057:SSL alert number 51
       shutting down SSL
       CONNECTION CLOSED
       ACCEPT

Case-3: s_client default, and s_server using cavium engine
  In this case, i am getting the following messages.
  At s_client side:
        CONNECTED(00000003)
        12056:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:
   At s_server side:
        engine "cavium" set.
        Using default temp DH parameters
        Using default temp ECDH parameters
        ACCEPT
        ERROR
        12055:error:1409B004:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:RSA
lib:s3_srvr.c:1477:
        shutting down SSL
        CONNECTION CLOSED
        ACCEPT

regards,
Elwin.


On 1/12/07, Elwin Stelzer Eliazer <[EMAIL PROTECTED]> wrote:


Hi,

I tried the s_client and s_server programs with cavium acceleration, and i
am getting the following error at the client side:
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, and the handshake aborts.

Shown below is how i invoked the client and server side.
# ./openssl s_server
# ./openssl s_client -engine cavium

When i do not have the "-engine cavium" option at the client side, the
program is perfectly working fine.

Anyone having input on what could have gone wrong?
Any suggestions?

Thanks in advance.

cheers,
Elwin.

Reply via email to