Hi,

I have created a DSA certificate and private key files for my server with the
following commands, which seem to have ended OK:

rem Create a new certificate for my CA using a root CA certificate:
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config openssl.cnf -newkey dsa:root.pem

rem Create a new certificate request for my server
openssl req -new -keyout servkey.pem -out servreq.pem -days 360 -config openssl.cnf -newkey dsa:cacert.pem

rem Get my server certificate signed by the CA
openssl ca -policy policy_anything -out servcert.pem -config openssl.cnf -infiles servreq.pem

I then tried to do the application initialization of the SSL library using the
following function:

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>

/* pass, password_cb(), Error() and RANDOM are not shown in this post */
SSL_CTX* InitializeSSL( char* password )
{
    SSL_METHOD* pSSLMethod;
    SSL_CTX *pSSLContext;

    SSL_library_init();
    SSL_load_error_strings();

    pSSLMethod = SSLv23_method();
    pSSLContext = SSL_CTX_new( pSSLMethod );

    /* Server certificate */
    if ( !(SSL_CTX_use_certificate_file( pSSLContext, "servcert.pem",
                                         SSL_FILETYPE_PEM )))
        Error( "Unable to load certificate file" );

    /* Encrypted private key; the passphrase is handed over via password_cb */
    pass = password;
    SSL_CTX_set_default_passwd_cb( pSSLContext, password_cb );
    if ( !( SSL_CTX_use_PrivateKey_file( pSSLContext, "servkey.pem",
                                         SSL_FILETYPE_PEM )))
        Error( "Unable to load private key" );

    /* CA certificate used to verify peers */
    if ( !(SSL_CTX_load_verify_locations( pSSLContext, "cacert.pem", 0 )))
        Error( "Couldn't read CA cert" );

    SSL_CTX_set_verify_depth( pSSLContext, 1 );

    if ( !( RAND_load_file( RANDOM, 1024*1024 )))
        Error( "Couldn't load randomness" );

    return pSSLContext;
}

But the function call SSL_CTX_use_PrivateKey_file(...) above fails internally
inside pem_lib.c, on line 451, at the line
PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT).

Does anybody have an idea what might be wrong here with my server key file, or
anything else...?
I am using OpenSSL 0.9.6a on a Windows NT machine.

Thanks,
Guy

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
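
The post does not show password_cb. As an added example (not the poster's code and not code from the OpenSSL project), here is a passphrase callback with the same signature as OpenSSL's pem_password_cb; a callback that hands back a truncated passphrase or the wrong length makes OpenSSL derive a different key, which is reported as PEM_R_BAD_DECRYPT. The name passphrase_cb and the sample passphrases are assumptions, and the block is written without the OpenSSL headers so that it compiles on its own.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example. Same signature as OpenSSL's pem_password_cb:
 *   buf/size  buffer OpenSSL wants the passphrase written into
 *   rwflag    0 when decrypting a key, 1 when encrypting one
 *   userdata  pointer registered with SSL_CTX_set_default_passwd_cb_userdata()
 * Register both the callback and the userdata before calling
 * SSL_CTX_use_PrivateKey_file(), so no global variable is needed.
 */
int passphrase_cb(char *buf, int size, int rwflag, void *userdata)
{
    const char *passphrase = (const char *)userdata;
    size_t len;

    (void)rwflag;               /* same passphrase for reading and writing */

    if (buf == NULL || size <= 0 || passphrase == NULL)
        return -1;              /* nothing to hand over: report failure */

    len = strlen(passphrase);
    if (len == 0)
        return -1;              /* this example treats "empty" as an error */
    if (len >= (size_t)size)
        return -1;              /* refuse to truncate: a shortened passphrase
                                   would derive the wrong decryption key */

    memcpy(buf, passphrase, len);
    buf[len] = '\0';
    return (int)len;            /* length without the terminating NUL */
}

int main(void)
{
    char buf[16];
    char pw[] = "s3cret-pass";  /* constructed sample passphrase */
    int n = passphrase_cb(buf, (int)sizeof buf, 0, pw);

    printf("returned length %d, buffer \"%s\"\n", n, n > 0 ? buf : "");
    printf("8-byte buffer: %d\n", passphrase_cb(buf, 8, 0, pw));
    return 0;
}
```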