[Axiscpp1.6] Problems connecting with SSL

[Wayne Johnson <wd...@yahoo.com>]

I'm able to connect via SSL to our web service on one Solaris Machine, but not another.  In the logging, I found the error:
 AxisTransportException: Cannot open a channel to the remote end.
OpenSSL error is -1 - error:00000000:lib(0):func(0):reason(0)

After doing some research, looks like this is the sort of error OpenSSL returns when it can't complete it's handshake with the server.

I have a self signed certificate defined for localhost.  The same certificate is installed on both systems, and I am connecting with https:localhost/...

My only guess is that I need to add a CA certificate on the client side.  (somehow the working system must have one installed by default).  I've figured out how to do this on a Java app, but I am not finding much on how to set it up with OpenSSL & AxisCPP.

I'm guessing it has something to do with the SecureInfo parameter in the configuration, but I have no clue what to put in there.  The OpenSSL docs are not much help either.

Anyone have any ideas?  Any examples?  Any references?

Thanks.

 



--- 
Wayne Johnson,                         | There are two kinds of people: Those 
3943 Penn Ave. N.          | who say to God, "Thy will be done," 
Minneapolis, MN 55412-1908 | and those to whom God says, "All right, 
(612) 522-7003                         | then,  have it your way." --C.S. Lewis

       
---------------------------------
Need a vacation? Get great deals to amazing places on Yahoo! Travel. 

Re: [Axiscpp1.6] Problems connecting with SSL

[Wayne Johnson <wd...@yahoo.com>]

It seems that my issues with SSL not working on only some Solaris systems was due to a frequent problem with SSL, "PRNG not seeded".  Seems like us Solaris people need a patch to get our systems randomer. See the SSL FAQ at http://www.openssl.org/support/faq.html#USER1 for details.  Figured I'd put this out on the Axis mailing list to help the next poor unsuspecting person to get hit.

It was further aggravated by a incorrect error message passed back in a pre-SVN version of HTTPSSLChannel.cpp I was testing for Nadir (no slight intended, this was, after all the purpose of testing it).  

Nadir, I'll send you a patch to your patch as soon as I have it tested (hopefully later today).

Wayne Johnson <wd...@yahoo.com> wrote: I'm able to connect via SSL to our web service on one Solaris Machine, but not another.  In the logging, I found the error:
 AxisTransportException: Cannot open a channel to the remote end.
OpenSSL error is -1 - error:00000000:lib(0):func(0):reason(0)

After doing some research, looks like this is the sort of error OpenSSL returns when it can't complete it's handshake with the server.

I have a self signed certificate defined for localhost.  The same certificate is installed on both systems, and I am connecting with https:localhost/...

My only guess is that I need to add a CA certificate on the client side.  (somehow the working system must have one installed by default).  I've figured out how to do this on a Java app, but I am not finding much on how to set it up with OpenSSL & AxisCPP.

I'm guessing it has something to do with the SecureInfo parameter in the configuration, but I have no clue what to put in  there.  The OpenSSL docs are not much help either.

Anyone have any ideas?  Any examples?  Any references?

Thanks.

 



--- 
Wayne Johnson,                         | There are two kinds of people: Those 
3943 Penn Ave. N.          | who say to God, "Thy will be done," 
Minneapolis, MN 55412-1908 | and those to whom God says, "All right, 
(612)  522-7003                         | then,  have it your way." --C.S. Lewis
        

---------------------------------
Need a vacation? Get great deals  to amazing places on Yahoo! Travel. 


--- 
Wayne Johnson,                         | There are two kinds of people: Those 
3943 Penn Ave. N.          | who say to God, "Thy will be done," 
Minneapolis, MN 55412-1908 | and those to whom God says, "All right, 
(612) 522-7003                         | then,  have it your way." --C.S. Lewis

 
---------------------------------
Don't get soaked.  Take a quick peak at the forecast 
 with theYahoo! Search weather shortcut.