Turned out to be optimization as you suggested. Once I turned it off the app connected on the embedded target.
Good one Steve. I had forgotten how optimization mucks things up from time to time. Thanks /carl h. -----Original Message----- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: July-21-16 10:34 AM To: openssl-users@openssl.org Subject: [Newsletter] Re: [openssl-users] Same openssl app behaves differently depending on platform On Thu, Jul 21, 2016, Carl Heyendal wrote: > I have an app that uses openssl to connect to a server on a different > machine. In one case on my Ubuntu machine the app has no problem getting a > secure connection. But when I recompile the same app for an embedded target > board and run it I get this error: > > # ./client3 192.168.1.99 > Enter PEM pass phrase: > connecting to 192.168.1.99:16001 > ** client3.c:77 Error connecting SSL object 1024:error:04091068:rsa > routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:278: > 1024:error:1408D07B:SSL routines:ssl3_get_key_exchange:bad > signature:s3_clnt.c:2004: > > The app uses the same private key and certificate in both cases. > It could be a compiler bug on the embedded platform. Does it pass "make test"? Have you tried it with optimisation turned off? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users *** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. *** -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
