[Box Backup] RSA_padding_check_PKCS1_type_1:block type is not 01

Chris Wilson chris at qwirx.com
Sun Apr 7 12:37:55 BST 2013

Hi Chris,

I'm sorry you had problems installing the Debian Wheezy packages. I wish I 
could help in getting them fixed up.

On Sat, 6 Apr 2013, Chris Walker wrote:

> Anyway, I got the server up and running, I'm now having problems getting
> clients functioning.
> 1) I did bbackupd-config /etc/boxbackup lazy 0 backup01.cableninja.net
> 2) I got the csr it spit out and took it to the backup server
> 3) used bbstored-certs /etc/boxbackup sign
> /etc/boxbackup/bbstored/clients/0-csr.pem
> 4) I took the /etc/boxbackup/bbstored/roots/serverCA.pem and
> /etc/boxbackup/bbstored/clients/0-cert.pem to the server being backed up.
> 5) verified all paths were correct and attempted to start bbackupd.
> Initially I got no output until I started using -V -D (and specifying
> the config path).
> Any help would be greatly appreciated
> OpenVZ System on Centos 6.4 2.6.32-042stab075.2, Container Debian Wheezy
> - Kernel 3.2.0-4 - BoxBackup 0.11rc8+2837
> root at db01:/# bbackupd -V -D /etc/boxbackup/bbackupd.conf
> NOTICE:  Starting daemon, version: 0.11rc8+2837
> INFO:    Opening connection to server 'backup01.cableninja.net'...
> ERROR:   SSL error while connecting: error:0407006A:rsa
> routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> ERROR:   SSL error while connecting: error:04067072:rsa
> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
> ERROR:   SSL error while connecting: error:0D0C5006:asn1 encoding
> routines:ASN1_item_verify:EVP lib
> ERROR:   SSL error while connecting: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I've never seen this error before, and I can't guess very accurately 
what's causing it. It looks almost like a failure to speak the (same) SSL 
protocol between the two sides. I was able to connect to your boxbackup 
server over the Internet using openssl s_client and it did negotiate SSL 
properly, so I think the server is working.

I'm not sure I understand your setup correctly. Are both server and 
client OpenVZ containers running on Centos 6.4 hosts? Is the host 32-bit 
or 64-bit?

Are the clients both Debian Wheezy? 32-bit or 64-bit? Did you get the Box 
Backup packages from Debian in both cases?

Do you have any other Box Backup servers that you could try connecting 
your client to, that are known to be working?

Could you try this on your client, and let me know what the output is:

   openssl s_client -connect backup01.cableninja.net:2201

You could try the same command with -cert, -key and -CAfile pointing to 
your bbackupd certificate, private key and trusted CAs PEM files, and it 
should stay connected to the server (and not be disconnected due to not 
providing a valid certificate to the server).

Unless something obvious comes up, I think I'm going to have to reproduce 
the problem.

Cheers, Chris.
_____ __     _
\  __/ / ,__(_)_  | Chris Wilson <chris+sig at qwirx.com> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |

More information about the Boxbackup mailing list