Hi,

changing the UID of the running Apache processes to 0 (root) showed that it is 
a matter of privileges.

# /usr/bin/pcred -u 0 <pid>

Regards, Armin

> -----Original Message-----
> From: Abfalterer, Armin
> Sent: Monday, 13 May 2013 09:59
> To: users@httpd.apache.org
> Subject: [users@httpd] bad record mac error with nCipher nFast [signed OK]
> 
> Hi all,
> 
> we run an nCipher nFast card under Solaris and we've embedded the private key
> of our Apache server on this card. Apache is configured to use the OpenSSL
> "chil" engine and the embedded key.
> 
> When we want to connect to the Apache server we run into a "bad record mac"
> error.
> 
> [Wed May 08 13:59:16 2013] [debug] ssl_engine_kernel.c(1958): OpenSSL: Write: SSLv3 read certificate verify A #9121(65)
> [Wed May 08 13:59:16 2013] [debug] ssl_engine_kernel.c(1977): OpenSSL: Exit: error in SSLv3 read certificate verify A #9121(65)
> [Wed May 08 13:59:16 2013] [debug] ssl_engine_kernel.c(1977): OpenSSL: Exit: error in SSLv3 read certificate verify A #9121(65)
> [Wed May 08 13:59:16 2013] [info] SSL library error 1 in handshake (server atlas:443) #9121(65)
> [Wed May 08 13:59:16 2013] [info] SSL Library Error: 336130329 error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac #9121(65)
> [Wed May 08 13:59:16 2013] [debug] ssl_engine_io.c(1007): Connection closed to child 62 with abortive shutdown (server atlas:443) #9121(65)
> 
> Tests without the card and the original private key do not fail, so we can
> exclude an SSL configuration problem.
> 
> Anyone who can give a hint how to track down the problem on the nCipher
> card?
> 
> Thanks!
> 
> Regards, Armin
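
Added example, not part of the original mails: a small Python parser that rejoins hard-wrapped mod_ssl log entries like the ones quoted above and splits the "SSL Library Error" number into its library, function and reason fields. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason); the sample input is constructed from the quoted log, and all function names are hypothetical.

```python
import re

# Constructed sample: entries from the quoted log, hard-wrapped the way a mail client does.
SAMPLE = """\
> [Wed May 08 13:59:16 2013] [info] SSL Library Error: 336130329
> error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
> record
> mac #9121(65)
> [Wed May 08 13:59:16 2013] [debug] ssl_engine_io.c(1007): Connection closed
> to child 62 with abortive shutdown (server atlas:443
> ) #9121(65)
"""

ENTRY_START = re.compile(r"^\[[^\]]+\] \[\w+\] ")
SSL_ERROR = re.compile(
    r"SSL Library Error: (?P<dec>\d+) error:(?P<hex>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*?)(?: #\d+\(\d+\))?$"
)

def unwrap(text):
    """Rejoin hard-wrapped entries; a new entry starts with '[timestamp] [level] '."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()  # drop mail quote markers
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def decode_packed(code):
    """Assumed pre-3.0 OpenSSL layout: 8-bit library, 12-bit function, 12-bit reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_ssl_errors(text):
    """Return one dict per 'SSL Library Error' entry found in the log text."""
    results = []
    for entry in unwrap(text):
        m = SSL_ERROR.search(entry)
        if not m:
            continue
        code = int(m["dec"])
        lib, func, reason = decode_packed(code)
        results.append({
            "code": code, "lib": lib, "func": func, "reason": reason,
            "consistent": code == int(m["hex"], 16),  # decimal and hex forms must agree
            "lib_text": m["lib"], "func_text": m["func"], "reason_text": m["reason"],
        })
    return results
```
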
