Kbase P118642: Error 9318 when making a connection to a secure socket
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
20/01/2011 |
|
Status: Verified
SYMPTOM(s):
Error 9318 when making a connection to a secure socket
Secure Socket Layer (SSL) failure. error code -54: non-critical basic constraint failure: for hashfile.0 in $DLC/certs (9318)
Server has a multi CA certificate in place
Server has a Keon Certificate Server generated certificate with a multi CA path
Client application is running on any platform different than Linux or AIX64 where OpenSSL libraries are used for the SSL environment
FACT(s) (Environment):
Progress 9.x
OpenEdge 10.0B
All Supported Operating Systems
CAUSE:
Bug# OE00132075
FIX:
Option #1
Upgrade to 10.1A02
Upgrade to 10.1B
Option #2
To avoid the problem start the Progress client with the parameter -sslverify 1
This parameter is not valid in Linux and AIX64 since those platforms use OpenSSL libraries instead of RSA. These are the possible SSL Server Verification Levels:
Level
-sslverify value
Description
None
0
No certificate verification. The only way the SSL server verification will fail is if an internal library error is encountered.
Basic
1
This SSL server verification level includes internal library errors and the following conditions:
Unable to find the certificate for one of the Certificate Authorities (CAs) in the signing hierarchy and that CA is not trusted by the client application. CA certificate not found in $DLC/certs directoryDecryption failed for the certificate digital signature. Public key information could not be retrieved from the certificate. Verification of the certificate?s public key information failed. The signature on the server certificate could not be verified.
(Default)
2
This SSL server verification level includes all the Basic verification failures, internal library errors, and the following conditions:
The certificate?s NotBefore information could not be retrieved from the certificate. The certificate?s NotAfter information could not be retrieved from the certificate. The certificate?s NotBefore date is in the future, the certificate is not active. The certificate?s NotAfter date is in the past, the certificate is expired. The first certificate in the chain is self signed. An intermediate self-signed certificate was found in the chain. The certificate chain exceeds the maximum number of intermediate certificates.
Full
3
This SSL server verification level includes all the Basic and Standard verification failures, internal library errors, and the following conditions:
No Certificate Revocation List (CRL) was available. Decryption failed for the CRL signature. Verification of the public key information and CRL failed. The CRL NotBefore date is in the future, the CRL is not active. The CRL NotAfter date is in the past, the CRL has expired. The last update information could not be retrieved from the CRL. The CRL?s next update information could not be retrieved from the CRL. The certificate has been revoked by its CA. The certificate has a critical basic constraints failure. The certificate has a non-critical basic constraints failure.