> sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() ); > if ( sip_trp_ssl_ctx == NULL ) { > ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed"); > return SSL_INIT_ERROR; > }
Well, EC support was added to SSL/TLS at TLS 1.2. You did not include the error you are receiving. [Editor's note: ECC cipher suites were defined for TLS 1.0 and 1.1 in RFC 4492, so selecting TLSv1_method() does not by itself exclude EC keys; the failure reported for SSL_CTX_use_PrivateKey_file is better diagnosed from the OpenSSL error queue than from the protocol version.] Jeff On Sun, May 25, 2014 at 9:40 AM, Mody, Darshan (Darshan) <darshanm...@avaya.com> wrote: > I use below command > > openssl ecparam -out key.pem -name prime256v1 -genkey. I am using another 3rd > Party tool SIPp. Below is the method that sets the SSL CTX > > ssl_init_status FI_init_ssl_context (void) > { > sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() ); > if ( sip_trp_ssl_ctx == NULL ) { > ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed"); > return SSL_INIT_ERROR; > } > > sip_trp_ssl_ctx_client = SSL_CTX_new( TLSv1_method() ); > if ( sip_trp_ssl_ctx_client == NULL) { > ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed"); > return SSL_INIT_ERROR; > } > > /* Load the trusted CA's */ > SSL_CTX_load_verify_locations(sip_trp_ssl_ctx, tls_cert_name, NULL); > SSL_CTX_load_verify_locations(sip_trp_ssl_ctx_client, tls_cert_name, > NULL); > > /* CRL load from application specified only if specified on the command > line */ > if (strlen(tls_crl_name) != 0) { > if(sip_tls_load_crls(sip_trp_ssl_ctx,tls_crl_name) == -1) { > ERROR("FI_init_ssl_context: Unable to load CRL file (%s)", > tls_crl_name); > return SSL_INIT_ERROR; > } > > if(sip_tls_load_crls(sip_trp_ssl_ctx_client,tls_crl_name) == -1) { > ERROR("FI_init_ssl_context: Unable to load CRL (client) file > (%s)", tls_crl_name); > return SSL_INIT_ERROR; > } > /* The following call forces to process the certificates with the */ > /* initialised SSL_CTX */ > SSL_CTX_set_verify(sip_trp_ssl_ctx, > SSL_VERIFY_PEER | > SSL_VERIFY_FAIL_IF_NO_PEER_CERT, > sip_tls_verify_callback); > > SSL_CTX_set_verify(sip_trp_ssl_ctx_client, > SSL_VERIFY_PEER | > SSL_VERIFY_FAIL_IF_NO_PEER_CERT, > sip_tls_verify_callback); > } > > > /* Selection Cipher suits - load the application specified ciphers */ > SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx, > (void *)CALL_BACK_USER_DATA ); > 
SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx_client, > (void *)CALL_BACK_USER_DATA ); > SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx, > passwd_call_back_routine ); > SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx_client, > passwd_call_back_routine ); > > if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx, > tls_cert_name, > SSL_FILETYPE_PEM ) != 1 ) { > ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file failed"); > return SSL_INIT_ERROR; > } > > if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx_client, > tls_cert_name, > SSL_FILETYPE_PEM ) != 1 ) { > ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file (client) > failed"); > return SSL_INIT_ERROR; > } > if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx, > tls_key_name, > SSL_FILETYPE_PEM ) != 1 ) { > ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file failed"); > return SSL_INIT_ERROR; > } > > if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx_client, > tls_key_name, > SSL_FILETYPE_PEM ) != 1 ) { > ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file (client) > failed"); > return SSL_INIT_ERROR; > } > > return SSL_INIT_NORMAL; > } > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell > Sent: Sunday, May 25, 2014 6:31 PM > To: openssl-users@openssl.org > Subject: Re: SSL_CTX_use_PrivateKey_file > > On 25/05/14 13:11, Mody, Darshan (Darshan) wrote: >> >> When I try to read the EC Private Key file I get an error from the >> openssl. >> >> Is there another way to use the Elliptic curved Private key. Please >> note that I generate the Public and Private keys via the command lines >> and use the public-private key in my program >> > > I think we need a bit more to go on. > > Can you post the commands you used to generate your keys, the error you are > getting, and the code you are using to read the private key? 