Administrator Guide : Security : Troubleshooting encryption and authentication
  
Troubleshooting encryption and authentication
External authentication requires the use of OpenSSL. If the use of OpenSSL is not enabled or solidDB® server or client cannot load the OpenSSL libcrypto library, the server startup or client connection fails.
solidDB® server startup fails with error External authentication requires OpenSSL to be enabled or OpenSSL enabled, but failed to load the OpenSSL libcrypto library
Symptom
The solidDB® server startup fails with the following type of errors in solmsg.out and solerr.out:
UNICOM soliddb process has encountered an internal error is unable to continue normally.
External authentication requires Crypto to be enabled.
...
Server emergency shutdown.
UNICOM soliddb process has encountered an internal error is unable to continue normally.
Crypto enabled, but failed to load the Crypto library. Check the library path.
...
Server emergency shutdown.
Causes
If there is only one database administrator account and the account is externally authenticated and General.UseCryptoLib is set to no, the solidDB® server startup fails with the error External authentication requires OpenSSL to be enabled.
If the database administrator account is authenticated internally but other users are authenticated externally, solidDB® server will start even if General.UseCryptoLib is set to no. However, connections for externally authenticated users fails with error Error 08004: Server rejected the connection.
If General.UseCryptoLib is set to yes and solidDB® cannot load the OpenSSL libcrypto library, the solidDB® server startup fails with the error crypto enabled, but failed to load the OpenSSL library. Check the library path.
Recovery
1 Check that OpenSSL is installed on the server computer.
2 Check that server-side solid.ini file contains the following parameter settings:
[General]
UseCryptoLib=yes
CryptoLibPath=<valid_path_to_OpenSSL_library>
Related tasks
Encryption
Connection for an externally authenticated user fails at SQLAllocEnv
Symptom
The connection from solidDB® ODBC Driver or solidDB® data management tools (such as solidDB® SQL Editor (solsql)) for an externally authenticated user fails at the function call SQLAllocEnv.
Causes
To use external authentication, the use of OpenSSL must be enabled and the solidDB® client must be able to load the OpenSSL libcrypto library. If the solidDB® client cannot access the OpenSSL libcrypto library, the login data for an externally authenticated user cannot be verified.
Recovery
1 Check that OpenSSL is installed on the client computer.
2 Check that the client-side solid.ini file contains the following parameter settings:
[Client]
UseCryptoLib=yes
CryptoLibPath=<valid_path_to_OpenSSL_library>
The path to OpenSSL libcrypto library must be provided using the conventions of your operating system. For example, in Windows environments, if the path contains white space characters, the path must be enclosed in double quotations marks.
CryptoLibPath="C:\Program Files\UNICOM\soliddb\soliddb100.0\bin"
or:
3 Set the Client.UseCryptoLib parameter to no.
4 Log in to solidDB® as an internally authenticated user.
Related tasks
Encryption
Connection for an externally authenticated user fails with Error 08004: Server rejected the connection
Symptom
The client connection for an externally authenticated user fails with Error 08004: Server rejected the connection.
Causes
The user name or password you entered was incorrect.
To use external authentication, the use of OpenSSL must be enabled on both the server and client computer. If the use of OpenSSL is not enabled on the server side, solidDB® server rejects the connections from externally authenticated users.
Recovery
1 Check that OpenSSL is installed on the server computer.
2 Check that server-side solid.ini file contains the following parameter settings:
[General]
UseCryptoLib=yes
CryptoLibPath=<valid_path_to_OpenSSL_library>
External authentication with Java fails with java.lang.UnsatisfiedLinkError: ssolidac70
Symptom
The connection from solidDB® JDBC Driver for an externally authenticated user fails with the following type of Java exception.
Exception in thread "main" java.lang.UnsatisfiedLinkError:
ssolidac70 (Not found in java.library.path)
at java.lang.ClassLoader.loadLibraryWithPath(ClassLoader.java:995)
at java.lang.ClassLoader.loadLibraryWithClassLoader(ClassLoader.java:959)
at java.lang.System.loadLibrary(System.java:453)
at solid.jdbc.SolidConnection.loadDll(Unknown Source)
at solid.jdbc.SolidConnection.<init>(Unknown Source)
at solid.jdbc.SolidDriver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(DriverManager.java:572)
at java.sql.DriverManager.getConnection(DriverManager.java:165)
at sample1.main(sample1.java:79)
Causes
To use external authentication, the use of OpenSSL must be enabled and the solidDB® JDBC client must be able to load the OpenSSL and the linked library access (LLA) libraries.
Recovery
Check that the bit level of your Java installation is the same as the bit level of your solidDB® installation. For example, a 64-bit LLA library does not work with 32-bit Java.
Check that OpenSSL and LLA libraries are installed on the client computer.
The OpenSSL libcrypto/libeay32 must have the same bit level as your solidDB® installation. For example, 64-bit LLA library will not function with 32-bit OpenSSL library.
Check that you have defined the location of the LLA library correctly.
For example, in Windows environments, if the path contains a white space character, the path must be enclosed in double quotation marks.
set PATH="<solidDB installation directory>\bin";%PATH%
See also
Security