The following issue has been CLOSED
======================================================================
https://www.opencsw.org/mantis/view.php?id=5296
======================================================================
Reported By:                tomww
Assigned To:                dam
======================================================================
Project:                    pound2
Issue ID:                   5296
Category:                   other
Reproducibility:            have not tried
Severity:                   minor
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:
======================================================================
Date Submitted:             2017-02-07 15:48 CET
Last Modified:              2017-02-09 15:52 CET
======================================================================
Summary:                    long RSA Keys can't be loaded - SSL_CTX_use_PrivateKey_file failed - aborted -- 2.7,REV=2015.02.25
Description:
It looks like 4096 bit RSA keys can't be used with the 2.7 version of pound.

Loading config fails with:
"SSL_CTX_use_PrivateKey_file failed - aborted"
======================================================================
----------------------------------------------------------------------
 (0011237) tomww (reporter) - 2017-02-09 15:38
 https://www.opencsw.org/mantis/view.php?id=5296#c11237
----------------------------------------------------------------------
The experimental package in version 2.8a has been successfully used in SSL mode.

Testing revealed that the "SSL_CTX_use_PrivateKey_file failed - aborted" was not the fault of pound 2.7.

While the command line openssl verify was happy with the combined *.pem file, the pound 2.8a config check wasn't. Only re-issuing the *key / *crt / combined *pem file helped, so that pound, via library access to the openssl libraries, successfully verified and accepted the *.pem file.

The error most likely was a mistake in preparing the *pem file. The key length used in the second attempt was 2048 bit.

Diff between pound 2.7 and 2.8 seen by the Changelog is only:
------------------------------------------------------------------------ +r82 | roseg | 2016-10-23 16:59:47 +0200 (Sun, 23 Oct 2016) | 8 lines + +Release 2.8a + +Enhancements: + - removed DynScale flag and support + +Bug fixes: + - fixed potential request smuggling via fudged headers + +------------------------------------------------------------------------ +r81 | roseg | 2015-01-26 17:47:53 +0100 (Mon, 26 Jan 2015) | 30 lines + +Release 2.7 + [...]
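
`openssl verify` looks only at the certificate in a file, so it can accept a combined PEM whose private key block is missing, unreadable or from a different key pair, which is what a library call such as SSL_CTX_use_PrivateKey_file then rejects. The script below is an added example, not part of the ticket or of pound, that checks a combined PEM before it goes into a config; the helper names `check_combined_pem` and `make_samples` are hypothetical and all keys and certificates are constructed throwaway data.

```shell
#!/bin/sh
# Added example (not from the ticket). check_combined_pem and make_samples
# are hypothetical helper names; all keys and certificates are constructed
# throwaway test data.

# Return 0 if the PEM file holds a certificate and a private key that belong
# together; 2 = no parsable certificate, 3 = no parsable key, 4 = mismatch.
check_combined_pem() {
    pem=$1
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || {
        echo "$pem: no parsable certificate" >&2; return 2; }
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || {
        echo "$pem: no parsable private key" >&2; return 3; }
    # Both commands print the public key as a PEM SubjectPublicKeyInfo block,
    # so a plain string comparison tells whether key and certificate match.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "$pem: private key does not match certificate" >&2; return 4; }
    return 0
}

# Build three constructed sample files in directory $1.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/a.key" -out "$d/a.crt" 2>/dev/null || return 1
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null || return 1
    cat "$d/a.crt" "$d/a.key" > "$d/good.pem"      # matching pair
    cat "$d/a.crt" "$d/b.key" > "$d/mismatch.pem"  # key from another pair
    cp  "$d/a.crt" "$d/nokey.pem"                  # key block missing
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir" && for f in good mismatch nokey; do
    if check_combined_pem "$demo_dir/$f.pem"; then
        echo "$f.pem: ok"
    else
        echo "$f.pem: rejected (status $?)"
    fi
done
rm -rf "$demo_dir"
```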