I'm experiencing a problem trying to establish a TLS-connection to our
SIP-platform. The error occurs both when trying to connect using another
SIP-server and when using openssl s_client. The problem is not
intermittent and can be reproduced every time.
error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is
not 01
Error code = 67567722 file=rsa_pk1.c line=100
error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
Error code = 67530866 file=rsa_eay.c line=699
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
Error code = 218910726 file=a_verify.c line=168
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
returned
Error code = 336105650 file=s3_srvr.c line=2525
Some information about the system not working:
Linux 2.6.26-2-amd64 #1 SMP Wed May 12 18:03:14 UTC 2010 x86_64
GNU/Linux
#define OPENSSL_VERSION_NUMBER 0x0090807fL
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g-fips 19 Oct 2007"
#else
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8g 19 Oct 2007"
#endif
However when trying to connect to the same version of our SIP-platform
on another machine (using the same client cert/key), no error occurs.
Linux 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux
#define OPENSSL_VERSION_NUMBER 0x0090803f
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8c-fips 05 Sep 2006"
#else
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8c 05 Sep 2006"
#endif
Both machines have certificates issued by our own private CA.
Can someone please help me understand what's going wrong?
Thanks!
Regards,
Krister
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
> Hi!
>
> I'm experiencing a problem trying to establish a TLS-connection to our
> SIP-platform. The error occurs both when trying to connect using another
> SIP-server and when using openssl s_client. The problem is not
> intermittent and can be reproduced every time.
>
> error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is
> not 01
> Error code = 67567722 file=rsa_pk1.c line=100
> error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
> Error code = 67530866 file=rsa_eay.c line=699
> error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
> Error code = 218910726 file=a_verify.c line=168
> error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
> returned
> Error code = 336105650 file=s3_srvr.c line=2525
>
> Some information about the system not working:
>
I suggest you log the input to the failing RSA function (public key and passed
buffer) and post the results.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Forgive me, but is it the arguments to RSA_padding_check_PKCS1_type_1()
that you are interested in (ie. to, num, buf)?
Thanks for your help!
Regards,
Krister