Re: [Cdsa-discuss] Questions about OpenSSL-based CSP
Status: Abandoned
Brought to you by:
mdwood-intel
Menu
▾
▴
Re: [Cdsa-discuss] Questions about OpenSSL-based CSP
|
From: Tom W. <woo...@zk...> - 2001-10-10 20:01:35
|
Hi, The reason you can load the EAY CSP as root, but not as a normal user is that the CSP uses the same private key file for all users. That file is /var/cdsa/eaycsp.pri. As CSSM_ModuleLoad() loads the CSP, the CSP tries to open the file with read/write access. If you look at the file's permissions and ownership, you'll see why the open fails for the normal user. The error code of -2147483639 is a clue. Its hex value is 0x80000009, which csm_keymgr.h says is KMERR_FILE_OPEN_FAILED. We ran into this same problem here at Compaq when we ported CDSA to Tru64 UNIX, so we modified the CSP to put the private key file in the user's home directory. Regards, Tom Woodburn Compaq Computer Corporation |