Hi! I'm experiencing a problem trying to establish a TLS-connection to our SIP-platform. The error occurs both when trying to connect using another SIP-server and when using openssl s_client. The problem is not intermittent and can be reproduced every time.
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 Error code = 67567722 file=rsa_pk1.c line=100 error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed Error code = 67530866 file=rsa_eay.c line=699 error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib Error code = 218910726 file=a_verify.c line=168 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned Error code = 336105650 file=s3_srvr.c line=2525 Some information about the system not working: Linux 2.6.26-2-amd64 #1 SMP Wed May 12 18:03:14 UTC 2010 x86_64 GNU/Linux #define OPENSSL_VERSION_NUMBER 0x0090807fL #ifdef OPENSSL_FIPS #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g-fips 19 Oct 2007" #else #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g 19 Oct 2007" #endif However when trying to connect to the same version of our SIP-platform on another machine (using the same client cert/key), no error occurs. Linux 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux #define OPENSSL_VERSION_NUMBER 0x0090803f #ifdef OPENSSL_FIPS #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8c-fips 05 Sep 2006" #else #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8c 05 Sep 2006" #endif Both machines have certificates issued by our own private CA. Can someone please help me understand what's going wrong? Thanks! Regards, Krister ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
