>Synopsis: libressl aborted when starting ocsp with a passphrase in the generated rkey file
>Category: library
>Environment:
System : OpenBSD 6.0
Details : OpenBSD 6.0-current (GENERIC.MP) #150: Tue Jan 17 17:41:15 MST 2017
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
LibreSSL was aborted when starting the OCSP server for a test domain intermediate CA,
opening the rkey file generated by:
openssl genrsa -aes256 -out intermediate/private/ocsp.inda.re.key.pem 4096
Please note that the OCSP server starts correctly if the keyfile is generated
without -aes256.
Not being aware of how to set up a Root CA, I've followed the procedure at the
URL pasted below. Then, running the OCSP server with the arguments shown below
resulted in:
Abort trap (core dumped)
at the output, and
openssl(7598): syscall 54 "ioctl"
in the messages.
>How-To-Repeat:
# Followed the method as presented on this site:
# https://jamielinux.com/docs/openssl-certificate-authority/introduction.html
# Everything goes right with libressl until I attempted to start the OCSP server
# Generated the keyfile with a passphrase, as shown in the last part of the tutorial
openssl genrsa -aes256 -out intermediate/private/ocsp.inda.re.key.pem 4096
# Triggers the abort
openssl ocsp -port 127.0.0.1:25600 -text -sha256 \
-index intermediate/index.txt \
-CA intermediate/certs/ca-chain.cert.pem \
-rkey intermediate/private/ocsp.inda.re.key.pem \
-rsigner intermediate/certs/ocsp.inda.re.cert.pem \
-nrequest 1
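
A pre-flight check for the situation reported above, as an added example that is not part of the original report: it reads only the PEM headers of the file given to -rkey and reports whether loading it will need a passphrase, covering both the traditional Proc-Type/DEK-Info form and the PKCS#8 "ENCRYPTED PRIVATE KEY" form. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the report): classify a PEM private key by its
# headers, so an encrypted -rkey file is caught before the responder starts.
# Output: legacy-encrypted:<cipher> | pkcs8-encrypted | plaintext | not-a-key
pem_key_state() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { state = "pkcs8-encrypted"; exit }
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----/ { inkey = 1; state = "plaintext"; next }
        # Traditional PEM encryption is announced by two RFC 1421 style headers.
        inkey && /^Proc-Type: 4,ENCRYPTED/ { state = "legacy-encrypted:unknown"; next }
        inkey && /^DEK-Info: / {
            if (state ~ /^legacy-encrypted/) {
                split($2, f, ",")          # f[1] = cipher name, f[2] = IV
                state = "legacy-encrypted:" f[1]
            }
            exit
        }
        inkey && (/^$/ || /^-----END /) { exit }   # headers are over
        END { print (state == "" ? "not-a-key" : state) }
    ' "$1"
}

# Hypothetical guard: succeed only if the key can be loaded without a prompt.
require_unattended_key() {
    state=$(pem_key_state "$1")
    [ "$state" = "plaintext" ] && return 0
    echo "refusing $1: key state is $state" >&2
    return 1
}

# Constructed sample: real header layout, placeholder body (not a real key).
sample=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF' '' \
    'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=' '-----END RSA PRIVATE KEY-----' > "$sample"
pem_key_state "$sample"
rm -f "$sample"
```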