Ask Your Question
0

SSL connection error

asked 2011-11-02 04:39:42 -0500

tonytkdk gravatar image

Well , We could easily using SSL via self-signed

But we want to use a internal 3'rd party trusted certification for our swift I tried windows CA and OpenSSL CA , but while handshake between swift-proxy and any client , got some problem as followed ..

  1. root@swift:/etc/swift# curl -k -v -H "X-Auth-User: admin:admin" -H "X-Auth-Pass: admin" https://swift.cloudena.com/auth/v1.0
  2. About to connect() to http://swift.cloudena.com port 443 (#0)
  3. Trying 10.103.1.136... connected
  4. Connected to http://swift.cloudena.com (10.103.1.136) port 443 (#0)
  5. successfully set certificate verify locations:
  6. CAfile: none CApath: /etc/ssl/certs
  7. SSLv3, TLS handshake, Client hello (1):
  8. Unknown SSL protocol error in connection to swift.cloudena.com:443
  9. Closing connection #0 curl: (35) Unknown SSL protocol error in connection to swift.cloudena.com:443

=====proxy.error==== Nov 2 12:32:57 swift proxy-server UNCAUGHT EXCEPTION#012Traceback (most recent call last):#012 File "/usr/local/bin/swift-proxy-server", line 7, in <module>#012 execfile(__file__)#012 File "/opt/swift/bin/swift-proxy-server", line 22, in <module>#012 run_wsgi(conf_file, 'proxy-server', default_port=8080, *options)#012 File "/opt/swift/swift/common/wsgi.py", line 172, in run_wsgi#012 run_server()#012 File "/opt/swift/swift/common/wsgi.py", line 137, in run_server#012 wsgi.server(sock, app, NullLogger(), custom_pool=pool)#012 File "/usr/lib/pymodules/python2.7/eventlet/wsgi.py", line 587, in server#012 client_socket = sock.accept()#012 File "/usr/lib/pymodules/python2.7/eventlet/green/ssl.py", line 301, in accept#012 suppress_ragged_eofs=self.suppress_ragged_eofs)#012 File "/usr/lib/pymodules/python2.7/eventlet/green/ssl.py", line 47, in __init__#012 super(GreenSSLSocket, self).__init__(sock.fd, *args, *kw)#012 File "/usr/lib/python2.7/ssl.py", line 119, in __init__#012 ciphers)#012SSLError: [Errno 336265225] _ssl.c:347: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib Nov 2 12:32:57 swift proxy-server Removing dead child 7982 Nov 2 12:32:57 swift proxy-server Started child 8022

=====swift.cloudena.com.crt=====

-----BEGIN CERTIFICATE----- MIIDpTCCAw6gAwIBAgIJAPzTdZ09wyP2MA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD VQQGEwJUVzEPMA0GA1UECBMGVGFpd2FuMRcwFQYDVQQHEw5UYWl3YW4gY291bnRy eTEOMAwGA1UEChMFY2xvdWQxCzAJBgNVBAsTAklUMRswGQYDVQQDExJzd2lmdC5j bG91ZGVuYS5jb20xITAfBgkqhkiG9w0BCQEWEnRvbnl0a2RrQGdtYWlsLmNvbTAe Fw0xMTExMDIwMzI1MDVaFw0xNDExMDEwMzI1MDVaMIGUMQswCQYDVQQGEwJUVzEP MA0GA1UECBMGVGFpd2FuMRcwFQYDVQQHEw5UYWl3YW4gY291bnRyeTEOMAwGA1UE ChMFY2xvdWQxCzAJBgNVBAsTAklUMRswGQYDVQQDExJzd2lmdC5jbG91ZGVuYS5j b20xITAfBgkqhkiG9w0BCQEWEnRvbnl0a2RrQGdtYWlsLmNvbTCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAzB0EXhO1MzvoWAKFp+wPdAuVEt33uUE7jin6n8H0 pYf69be9UKhomTzS6iYG+HwvjwkGfR4aCLbV8F3nRs00IimM05/Q+qCXd7wr9tn/ yp8vsPO7za/O2mY378vYow9GTYj2Rkqi3GdeIhS6a0bgWwDbfoXif8gJOAbMXRNX dF8CAwEAAaOB/DCB+TAdBgNVHQ4EFgQURTI/OFWa9X8w2j1pHM1JbeiA/FIwgckG A1UdIwSBwTCBvoAURTI/OFWa9X8w2j1pHM1JbeiA/FKhgZqkgZcwgZQxCzAJBgNV BAYTAlRXMQ8wDQYDVQQIEwZUYWl3YW4xFzAVBgNVBAcTDlRhaXdhbiBjb3VudHJ5 MQ4wDAYDVQQKEwVjbG91ZDELMAkGA1UECxMCSVQxGzAZBgNVBAMTEnN3aWZ0LmNs b3VkZW5hLmNvbTEhMB8GCSqGSIb3DQEJARYSdG9ueXRrZGtAZ21haWwuY29tggkA /NN1nT3DI/YwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQA294xYS/DV rcf3Woq/T7zVCL9u0uYO3kPoaiofFOpVOzlp1X8ziJDA5NL5PWrZcrHSN6W3ihE8 dc8shi+W1JHx65tgo/iOitKyh0S/BlSM9LEDZJe0ZCLj4LHiF4gEAiB3lbY2xh1a 8p1qetugETs2y+qNOUJWJV4SdC1hKlQVfA== -----END CERTIFICATE-----

=====swift.cloudena.com.key=====

-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,2509981F581C3DD7

PWzhnVHL3eRSlGN6zNo3cfdj+nx12Bc4+VCkZhMYLllG3pQx2bfZqHwHxa+38cx0 44IX1yV9TYLeYb9TRB9XhuKPCpSKyzakmPpp6yIai2xAqAkXy6LUksEd3xHrCcVE aaJJRVjOTQUWtUZs14sVB8+tWQd89KkJ0VuJyHrtrgKBeHJzGK99wSSaH4RpGkTG 5aNRG+EzQLTzKgdooT01dVPk9edjvoR8smTK85KWdASfA+I+guhAzpVYvUb7Zt9i 5e2If4vRUcYSpiMClq0GoXKQVXdeDJWGkKXUoVCPa1gMRUSGd6mG8byDHlgPeRYP dG9pl+tdEwB4y8bESIDOjzyJhbLNkDQrL70wS/uga7yZTvwu2P74yAPvu8abmLVG lYm8MS0MJYg2A/nwf2kvamK2E48cN8BJAl+K98k6CW9rfHJp/vG34Sgqn2DpxIwF hOqND7gkacyyDyBRCmYhdXFpVQ9AtmyNO/6JWG7V6fRO2gr2k8gp9SyOaHAKQWVn dFT9x6rrVQqGGsQW8GVKol75JRi4v2d/6oq886os3P0tlcpWqjhrZCc2CFAhPwz0 wrth9Pe7t/m5Qc+Xlx34uHhW/RsUpnuH4NoHigSbK7NsOimJwhgbAIlaJUzMxB8e SI6BcM247odTm3pX6L/h/Mb4MA4kSRNqitpVWPR9/KuUSrlsNbVAkr6qYd0sU70J 7BJ9FvMih9l4d1Uhj4XQsT7I7wNWX174yfZgOzJzquq8WpFpHQUZEj52cTnJjJrD qCjwbuPtGAy1K8hTE9pEx4Ad95HzT4OMCsIx86ZK7PvoCvH0O6ELZQ==

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2011-11-02 13:11:36 -0500

tonytkdk gravatar image

Gladinet works with swift now

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-11-02 04:39:42 -0500

Seen: 200 times

Last updated: Nov 02 '11