unable to load certificate authorities

xdm
xdm La Coruña, Spain
Hello everybody, I am trying to add SSL endpoints to an Ice application.

I created a certificate authority with openssl:

    openssl req -out ca.pem -new -x509

This generates two files, ca.pem and privkey.pem.


My config file for IceSSL:

    <?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
    <!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
    <SSLConfig>
        <server>
            <general version="SSLv23" cipherlist="RC4-MD5" verifymode="fail_no_cert|peer" verifydepth="10" />
            <certauthority file="/home/pepone/TiendaRez/Tienda-0.4.2/ca.pem" />
            <basecerts>
                <dsacert keysize="2048" verifymode="peer" verifydepth="10">
                    <public encoding="PEM" filename="ca.pem" />
                    <private encoding="PEM" filename="privkey.pem" />
                </dsacert>
            </basecerts>
        </server>
    </SSLConfig>

And I set the following properties in the config file for the server:

    Ice.Plugin.IceSSL=IceSSL:create
    IceSSL.Server.CertPath=/home/pepone/TiendaRez/Tienda-0.4.2
    IceSSL.Server.Config=sslconfig_1.xml
    IceSSL.Server.Passphrase.Retries=1
    IceSSL.Trace.Security=2


But the problem is that when I run the server I see the following:

    bash-2.05b$ ./serverTienda
    Enter PEM pass phrase:
    [ ./serverTienda: Security: WRN unable to load certificate authorities. ]
    Almacen initializer

Can somebody tell me what I am doing wrong? Thank you all for your time.

Comments

  • mes
    mes California
    Hi,

    I tried, but I wasn't able to reproduce this error. We can probably resolve this quickly if you're willing to make a minor change to the IceSSL source and rebuild the library.

    Edit src/IceSSL/Context.cpp and add the code shown below at line 257:
        if(!loadVerifyRet)
        {
            cerr << sslGetErrors() << endl; // ADD THIS LINE
            if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS)
            {
                Trace out(_communicator->getLogger(), _traceLevels->securityCat);
                out << "WRN unable to load certificate authorities.";
            }
        }
    
    After making this change, re-run 'make' to rebuild the IceSSL shared library, and try running your server again. Please post the error messages that are printed.

    Take care,
    - Mark
  • xdm
    xdm La Coruña, Spain
    Error message:

        Enter PEM pass phrase:
        1 - Thread ID: 16384
        1 - Error: 184959089
        1 - Message: error:0B064071:x509 certificate routines:ADD_CERT_DIR:invalid directory
        1 - Location: by_dir.c, 187

        [ ./serverTienda: Security: WRN unable to load certificate authorities. ]
        Almacen initializer

    I encountered the same error when I run demo/Glacier/session/server if I set Ice.Security.Trace=2
  • mes
    mes California
    Sorry for the late response.

    I was able to reproduce this problem, and it's caused by a bug in IceSSL. You can fix it by editing src/IceSSL/Context.cpp and changing line 245 from
        if(!certPath.length())
    
    to
        if(!certPath.empty())
    
    Take care,
    - Mark
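
For reading the error trace posted in this thread, here is an added example (not code from the thread or from IceSSL). It parses the `N - Field: value` lines and unpacks the numeric `Error` value into its library, function and reason fields, then checks it against the hex code in the `Message` line. It assumes the packed error layout used by OpenSSL before 3.0; the function names are hypothetical.

```python
import re

# Sample input: the trace block posted in this thread.
SAMPLE_TRACE = """\
Enter PEM pass phrase:
1 - Thread ID: 16384
1 - Error: 184959089
1 - Message: error:0B064071:x509 certificate routines:ADD_CERT_DIR:invalid directory
1 - Location: by_dir.c, 187
"""

# One line per field; the leading number is the error-queue entry it belongs to.
LINE_RE = re.compile(r"^\s*(\d+) - (Thread ID|Error|Message|Location): (.*)$")

def unpack_error(code):
    """Assumes OpenSSL before 3.0: 8-bit library, 12-bit function, 12-bit reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_trace(text):
    """Group the 'N - Field: value' lines by entry number N; skip other output."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return entries

def decode_entry(entry):
    """Decode one entry and cross-check the number against the message text."""
    code = int(entry["Error"])
    lib, func, reason = unpack_error(code)
    # Message format: error:<8 hex digits>:<library>:<function>:<reason text>
    parts = entry["Message"].split(":", 4)
    if len(parts) != 5 or parts[0] != "error":
        raise ValueError("unexpected message format: %r" % entry["Message"])
    return {
        "code_hex": "%08X" % code,
        "lib": lib, "func": func, "reason": reason,
        "library": parts[2], "function": parts[3], "reason_text": parts[4],
        "consistent": int(parts[1], 16) == code,
        "location": entry.get("Location"),
    }

if __name__ == "__main__":
    for n, entry in sorted(parse_trace(SAMPLE_TRACE).items()):
        print(n, decode_entry(entry))
```

For the trace above, the decimal value 184959089 is the same code as the hex `0B064071` in the message, and the function and reason fields point at the directory lookup rather than the CA file.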