On Wed, Oct 08, 2003 at 06:56:54AM -0400, Jeffrey Burgoyne wrote:
> Hi;
>
> I just upgraded an Apache server 1.3.26 with OpenSSL 0.9.7c and mod_ssl
> 2.8.9 from Openssl 0.9.6d.
>
> I now get the following errors :
>
> Server www.eac-trousse.ic.gc.ca:443 (RSA)
> Enter pass phrase:
>
> Server biotech.gc.ca:443 (RSA)
> 213659:error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad
> tag:a_set.c:179:
...
Yes, we've noticed this too. A reproduction case is with three keys all
with different passphrases: if you enter the correct pass phrase at each
prompt, you get the error after the third prompt.
Here is a workaround for mod_ssl 2.8.x:
--- ssl_engine_pphrase.c~ 2002-02-23 18:45:45.000000000 +0000
+++ ssl_engine_pphrase.c 2003-10-08 12:45:35.000000000 +0100
@@ -237,6 +237,9 @@
ssl_die();
}
cpPassPhraseCur = NULL;
+
+ ERR_clear_error();
+
bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
ssl_pphrase_Handle_CB)) != NULL ? TRUE : FALSE);
ap_pfclose(p, fp);
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
