Hi,

has anyone successfully used proftpd with an NCipher hardware security
module (OpenSSL engine "chil")?

I get ssl errors:

Oct 09 15:11:21 mod_tls/2.1.2[1703]: TLS/TLS-C requested, starting TLS handshake
Oct 09 15:11:21 mod_tls/2.1.2[1703]: unable to accept TLS connection: (1) error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error
Oct 09 15:11:21 mod_tls/2.1.2[1703]: TLS/TLS-C negotiation failed on control channel

The client (lftp) says:
SSL connect: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01


NCiphers usually give similar ssl errors if the private key file (which is
by itself invalid and only a reference to the actual key stored inside the
hardware module) is used directly and not via the hardware engine.
Therefore I think maybe proftpd is doing something wrong here, despite the
logfile saying "using TLSCryptoDevice 'chil'".

I have verified that my certificates+keys work with "openssl s_server
-engine chil" and that mod_tls works with "normal" certificates and
TLSCryptoDevice switched off. I use proftpd 1.3.1 with openssl 0.9.7m.

Any ideas? TIA.

Cheers,
Stefan
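
Added example, not part of the original post: a small decoder for the packed OpenSSL error codes in the two log excerpts above, showing which library raised each error and that the server-side code is an alert received from the peer. It assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason); the lookup tables are a small subset and the sample lines are the post's own, unwrapped.

```python
import re

# Pre-3.0 OpenSSL packs an error as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are alerts sent by the peer

# Subset of OpenSSL library numbers and TLS alert descriptions.
LIBS = {0x04: "RSA", 0x14: "SSL", 0x26: "ENGINE"}
ALERTS = {20: "bad_record_mac", 40: "handshake_failure", 51: "decrypt_error"}


def decode(code_hex):
    """Split one 8-digit hex error code into library, function and reason."""
    code = int(code_hex, 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    peer_alert = None
    if lib == 0x14 and reason > SSL_AD_REASON_OFFSET:
        # The local stack did not fail by itself: the other side sent this alert.
        number = reason - SSL_AD_REASON_OFFSET
        peer_alert = ALERTS.get(number, str(number))
    return {"lib": LIBS.get(lib, str(lib)), "func": func,
            "reason": reason, "peer_alert": peer_alert}


def decode_lines(lines):
    """Decode every 'error:XXXXXXXX:' token found in the given log lines."""
    return [decode(code) for line in lines for code in ERR_RE.findall(line)]


# Log lines taken from the post above, with the mail line wrapping undone.
SAMPLE = [
    "Oct 09 15:11:21 mod_tls/2.1.2[1703]: unable to accept TLS connection: "
    "(1) error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error",
    "SSL connect: error:0407006A:rsa routines:"
    "RSA_padding_check_PKCS1_type_1:block type is not 01",
]

if __name__ == "__main__":
    for entry in decode_lines(SAMPLE):
        print(entry)
```

For the server line this reports the SSL library with peer alert decrypt_error, and for the client line the RSA library with reason 106, so the failure originates in the client's RSA padding check and the server only logs the alert it received.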



