The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

SSLCtxCallbackError

error signaled by ssl ctx callback

Summary

Unfortunately, this message is cryptic because it comes from the SSL layer rather than from Shibboleth itself. It occurs while the callback to the AA or the Artifact servlet is being set up (using SSL and mutual authentication), and the user sees it as a session creation failure. The error simply signals that the SSL handshake aborted for some reason.

Possible Causes and Solutions

  • OpenSSL version problems.
  • The cause may be as simple as an encrypted private key for which no password was provided. The solution is to decrypt the private key or to provide the password in the credentialsresolver in ShibbolethXml. This particular error produces these lines in shibd.log:
    2006-03-01 10:31:29 DEBUG shibtarget.ShibHTTPHook [0] sessionNew: OpenSAML invoked SSL context callback
    2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 151429224 in pem_lib.c, line 399
    2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 336265225 in ssl_rsa.c, line 709
    2006-03-01 10:31:29 ERROR shibtarget.ShibHTTPHook [0] sessionNew: caught a SAML exception while attaching credentials to request: Unable to attach private key to SSL context
    2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: error signaled by ssl ctx callback
    2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: Closing connection #0
    2006-03-01 10:31:29 ERROR SAML.SAMLSOAPHTTPBinding [0] sessionNew: failed while contacting SAML responder: error signaled by ssl ctx callback
    2006-03-01 10:31:29 ERROR shibd.Listener [0] sessionNew: caught exception while creating session: SOAPHTTPBindingProvider::send() failed while contacting SAML responder: error signaled by ssl ctx callback
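
The numeric OpenSSL error codes in the excerpt above can be unpacked to show which library and reason produced them. The following is an added example, not part of the original documentation or of Shibboleth; it assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason), and the function names and lookup tables are hypothetical helpers covering only the codes seen in this log.

```python
import re

# Constructed sample: the two OpenSSL lines from the shibd.log excerpt above.
SAMPLE_LOG = """\
2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 151429224 in pem_lib.c, line 399
2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 336265225 in ssl_rsa.c, line 709
"""

# Library numbers from OpenSSL's err.h (only the two that appear in this log).
LIBS = {9: "PEM routines", 20: "SSL routines"}
# Reason strings keyed by (library, reason). PEM reason 104 is
# PEM_R_BAD_PASSWORD_READ; reason 9 is the generic ERR_R_PEM_LIB.
REASONS = {(9, 104): "bad password read", (20, 9): "PEM lib"}

LINE_RE = re.compile(r"error code: (\d+) in ([\w.]+), line (\d+)")

def unpack(code):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def describe(code):
    """Render a code in OpenSSL's error:HEX:library:function:reason layout."""
    lib, func, reason = unpack(code)
    lib_name = LIBS.get(lib, "lib(%d)" % lib)
    reason_name = REASONS.get((lib, reason), "reason(%d)" % reason)
    return "error:%08X:%s:func(%d):%s" % (code, lib_name, func, reason_name)

def decode_log(text):
    """Return (source file, line, decoded error) for each OpenSSL error line."""
    return [(m.group(2), int(m.group(3)), describe(int(m.group(1))))
            for m in LINE_RE.finditer(text)]

def key_passphrase_problem(text):
    """True if the log holds the PEM 'bad password read' error, which is the
    encrypted-private-key cause described in the bullet above."""
    for m in LINE_RE.finditer(text):
        lib, _func, reason = unpack(int(m.group(1)))
        if (lib, reason) == (9, 104):
            return True
    return False

if __name__ == "__main__":
    for src, line, desc in decode_log(SAMPLE_LOG):
        print("%s:%d  %s" % (src, line, desc))
    print("encrypted key without password:", key_passphrase_problem(SAMPLE_LOG))
```

The first code decodes to the PEM library's "bad password read" reason, and the second is the SSL library reporting that its PEM call failed while attaching the private key.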