On Sat Aug 27 14:01:11 2016, 1047941...@qq.com wrote:
> Hello:
> I want to use libcurl with OpenSSL, and I built OpenSSL using this
> cmd:
> "perl configure VC-WIN32 no-asm -DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi
> -DOPENSSL_CAPIENG_DIALO"
>
>
> When I use curl to get a URL, e.g. "curl -k https://*.com", it returns the error:
> error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object
>

Quick answer: use OpenSSL 1.1.0. Alternatively disable TLS 1.2 (e.g. curl
command line option) or indicate support only for SHA1+RSA for client signature
algorithms (don't think there is a curl command line option for this).

Long answer: the capi ENGINE in OpenSSL 1.0.2 and earlier uses the CSP attached
to the key for cryptographic operations. Unfortunately this means that SHA2
algorithms are not supported for client authentication.

OpenSSL 1.1.0 adds a workaround for this issue. If you disable TLS 1.2 in
earlier versions of OpenSSL it will not use SHA2 for client auth so that will
also work.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660
Please log in as guest with password guest if prompted

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
