OpenStack Object Storage (swift)

SSL connection error

Asked by Hugo Kou on 2011-11-02

Well , We could easily using SSL via self-signed

But we want to use a internal 3'rd party trusted certification for our swift
I tried windows CA and OpenSSL CA , but while handshake between swift-proxy and any client , got some problem as followed ..

1. root@swift:/etc/swift# curl -k -v -H "X-Auth-User: admin:admin" -H "X-Auth-Pass: admin" https://swift.cloudena.com/auth/v1.0
* About to connect() to swift.cloudena.com port 443 (#0)
* Trying 10.103.1.136... connected
* Connected to swift.cloudena.com (10.103.1.136) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to swift.cloudena.com:443
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to swift.cloudena.com:443

=====proxy.error====
Nov 2 12:32:57 swift proxy-server UNCAUGHT EXCEPTION#012Traceback (most recent call last):#012 File "/usr/local/bin/swift-proxy-server", line 7, in <module>#012 execfile(__file__)#012 File "/opt/swift/bin/swift-proxy-server", line 22, in <module>#012 run_wsgi(conf_file, 'proxy-server', default_port=8080, **options)#012 File "/opt/swift/swift/common/wsgi.py", line 172, in run_wsgi#012 run_server()#012 File "/opt/swift/swift/common/wsgi.py", line 137, in run_server#012 wsgi.server(sock, app, NullLogger(), custom_pool=pool)#012 File "/usr/lib/pymodules/python2.7/eventlet/wsgi.py", line 587, in server#012 client_socket = sock.accept()#012 File "/usr/lib/pymodules/python2.7/eventlet/green/ssl.py", line 301, in accept#012 suppress_ragged_eofs=self.suppress_ragged_eofs)#012 File "/usr/lib/pymodules/python2.7/eventlet/green/ssl.py", line 47, in __init__#012 super(GreenSSLSocket, self).__init__(sock.fd, *args, **kw)#012 File "/usr/lib/python2.7/ssl.py", line 119, in __init__#012 ciphers)#012SSLError: [Errno 336265225] _ssl.c:347: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Nov 2 12:32:57 swift proxy-server Removing dead child 7982
Nov 2 12:32:57 swift proxy-server Started child 8022

=====swift.cloudena.com.crt=====

=====swift.cloudena.com.key=====

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,2509981F581C3DD7

PWzhnVHL3eRSlGN6zNo3cfdj+nx12Bc4+VCkZhMYLllG3pQx2bfZqHwHxa+38cx0
44IX1yV9TYLeYb9TRB9XhuKPCpSKyzakmPpp6yIai2xAqAkXy6LUksEd3xHrCcVE
aaJJRVjOTQUWtUZs14sVB8+tWQd89KkJ0VuJyHrtrgKBeHJzGK99wSSaH4RpGkTG
5aNRG+EzQLTzKgdooT01dVPk9edjvoR8smTK85KWdASfA+I+guhAzpVYvUb7Zt9i
5e2If4vRUcYSpiMClq0GoXKQVXdeDJWGkKXUoVCPa1gMRUSGd6mG8byDHlgPeRYP
dG9pl+tdEwB4y8bESIDOjzyJhbLNkDQrL70wS/uga7yZTvwu2P74yAPvu8abmLVG
lYm8MS0MJYg2A/nwf2kvamK2E48cN8BJAl+K98k6CW9rfHJp/vG34Sgqn2DpxIwF
hOqND7gkacyyDyBRCmYhdXFpVQ9AtmyNO/6JWG7V6fRO2gr2k8gp9SyOaHAKQWVn
dFT9x6rrVQqGGsQW8GVKol75JRi4v2d/6oq886os3P0tlcpWqjhrZCc2CFAhPwz0
wrth9Pe7t/m5Qc+Xlx34uHhW/RsUpnuH4NoHigSbK7NsOimJwhgbAIlaJUzMxB8e
SI6BcM247odTm3pX6L/h/Mb4MA4kSRNqitpVWPR9/KuUSrlsNbVAkr6qYd0sU70J
7BJ9FvMih9l4d1Uhj4XQsT7I7wNWX174yfZgOzJzquq8WpFpHQUZEj52cTnJjJrD
qCjwbuPtGAy1K8hTE9pEx4Ad95HzT4OMCsIx86ZK7PvoCvH0O6ELZQ==