>     sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
>     if ( sip_trp_ssl_ctx == NULL ) {
>         ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
>         return SSL_INIT_ERROR;
>     }

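Well, EC support was added to SSL/TLS at TLS 1.2.

[Editor's note: the ECC cipher suites for TLS were specified in RFC 4492 for TLS 1.0 and later, so a TLS 1.0-only context does not by itself rule out an EC key. The OpenSSL error output is needed to identify the actual cause.]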

You did not include the error you are receiving.

Jeff

On Sun, May 25, 2014 at 9:40 AM, Mody, Darshan (Darshan)
<darshanm...@avaya.com> wrote:
> I use the command below:
>
> openssl ecparam -out key.pem -name prime256v1 -genkey
>
> I am using another third-party tool, SIPp. Below is the method that sets
> the SSL CTX:
>
> /* Set up the two SSL_CTX objects sip_trp_ssl_ctx and sip_trp_ssl_ctx_client: */
> /* trust store, optional CRLs, passphrase callback, certificate, private key. */
> /* Returns SSL_INIT_NORMAL on success, SSL_INIT_ERROR on the first checked    */
> /* failure.                                                                   */
> /* NOTE(review): no error path calls SSL_CTX_free(), so a context created     */
> /* earlier in the function stays allocated when a later step fails.           */
> ssl_init_status FI_init_ssl_context (void)
> {
>     /* TLSv1_method() fixes the context to TLS 1.0; no other protocol */
>     /* version can be negotiated with it.                             */
>     sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
>     if ( sip_trp_ssl_ctx == NULL ) {
>         ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
>         return SSL_INIT_ERROR;
>     }
>
>     /* Second context, same method; the name suggests client-side use. */
>     sip_trp_ssl_ctx_client = SSL_CTX_new( TLSv1_method() );
>     if ( sip_trp_ssl_ctx_client == NULL) {
>         ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
>         return SSL_INIT_ERROR;
>     }
>
>     /* Load the trusted CAs from tls_cert_name, the same file that is loaded */
>     /* below as this endpoint's own certificate.                             */
>     /* NOTE(review): the return values are ignored, so a trust store that    */
>     /* failed to load is not reported here.                                  */
>     SSL_CTX_load_verify_locations(sip_trp_ssl_ctx, tls_cert_name, NULL);
>     SSL_CTX_load_verify_locations(sip_trp_ssl_ctx_client, tls_cert_name, 
> NULL);
>
>     /* CRLs are loaded only when a CRL file name was given on the command */
>     /* line (tls_crl_name non-empty).                                     */
>     /* NOTE(review): strlen() assumes tls_crl_name is never NULL - confirm. */
>     if (strlen(tls_crl_name) != 0) {
>         if(sip_tls_load_crls(sip_trp_ssl_ctx,tls_crl_name) == -1) {
>             ERROR("FI_init_ssl_context: Unable to load CRL file (%s)", 
> tls_crl_name);
>             return SSL_INIT_ERROR;
>         }
>
>         if(sip_tls_load_crls(sip_trp_ssl_ctx_client,tls_crl_name) == -1) {
>             ERROR("FI_init_ssl_context: Unable to load CRL (client) file 
> (%s)", tls_crl_name);
>             return SSL_INIT_ERROR;
>         }
>         /* Require peer certificate verification on both contexts, with      */
>         /* sip_tls_verify_callback as the verify callback.                   */
>         /* NOTE(review): these are the only SSL_CTX_set_verify() calls in    */
>         /* this function and they sit inside the CRL branch. Without a CRL   */
>         /* name the verify mode is not set here, and OpenSSL's default is    */
>         /* SSL_VERIFY_NONE - confirm that it is set elsewhere.               */
>         SSL_CTX_set_verify(sip_trp_ssl_ctx,
>                            SSL_VERIFY_PEER |
>                            SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>                            sip_tls_verify_callback);
>
>         SSL_CTX_set_verify(sip_trp_ssl_ctx_client,
>                            SSL_VERIFY_PEER |
>                            SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>                            sip_tls_verify_callback);
>     }
>
>
>     /* Register the passphrase callback and its user data on both contexts; */
>     /* OpenSSL calls it when a PEM private key is encrypted.                */
>     /* NOTE(review): no cipher list is configured anywhere in this function. */
>     SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx,
>                                            (void *)CALL_BACK_USER_DATA );
>     SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx_client,
>                                            (void *)CALL_BACK_USER_DATA );
>     SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx,
>                                    passwd_call_back_routine );
>     SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx_client,
>                                    passwd_call_back_routine );
>
>     /* Load this endpoint's certificate (PEM) into both contexts. */
>         if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx,
>                                       tls_cert_name,
>                                       SSL_FILETYPE_PEM ) != 1 ) {
>         ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file failed");
>         return SSL_INIT_ERROR;
>     }
>
>     if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx_client,
>                                       tls_cert_name,
>                                       SSL_FILETYPE_PEM ) != 1 ) {
>         ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file (client) 
> failed");
>         return SSL_INIT_ERROR;
>     }
>     /* Load the matching private key (PEM) into both contexts.             */
>     /* NOTE(review): the failure messages are fixed strings; the OpenSSL   */
>     /* error queue (e.g. ERR_print_errors_fp()) is not reported, so the    */
>     /* reason a key file was rejected is not visible to the user.          */
>     if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx,
>                                      tls_key_name,
>                                      SSL_FILETYPE_PEM ) != 1 ) {
>         ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file failed");
>         return SSL_INIT_ERROR;
>     }
>
>     if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx_client,
>                                      tls_key_name,
>                                      SSL_FILETYPE_PEM ) != 1 ) {
>         ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file (client) 
> failed");
>         return SSL_INIT_ERROR;
>     }
>
>     return SSL_INIT_NORMAL;
> }
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org 
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell
> Sent: Sunday, May 25, 2014 6:31 PM
> To: openssl-users@openssl.org
> Subject: Re: SSL_CTX_use_PrivateKey_file
>
> On 25/05/14 13:11, Mody, Darshan (Darshan) wrote:
>>
>> When I try to  read the EC Private Key file I get an error from the
>> openssl.
>>
>> Is there another way to use the elliptic-curve private key? Please
>> note that I generate the public and private keys on the command line
>> and use the public/private key pair in my program.
>>
>
> I think we need a bit more to go on.
>
> Can you post the commands you used to generate your keys, the error you are 
> getting, and the code you are using to read the private key?
>