I've inherited an application built on openssl at work. It uses openssl to
create client ssl connections to web servers. To do this it needs the server
certificate to load to make the connection. Currently that certificate has
the issuer and subject followed by the begin and end certificate for the
server. However when our code (shown below) tries to find the key it fails.

   if (cert_file != NULL) {
      /* Load the certificate from the PEM file. */
      if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
         WriteLog("Unable to get certificate from '%s'\n", cert_file);
         SSL_error("SSL_CTX_use_cert_file\n");
         return(EXIT_FAILURE);
      }

      /* Load the private key; key_file must contain a PEM private key block. */
      if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
         WriteLog("Unable to get private key from '%s'\n", key_file);
         SSL_error("SSL_CTX_use_key_file\n");
         return(EXIT_FAILURE);
      }

      /* Confirm the loaded key matches the certificate's public key. */
      if (!SSL_CTX_check_private_key(ctx)) {
         WriteLog("Private key does not match the certificate public key\n");
         return(EXIT_FAILURE);
      }
   }

This and some of the other code gives us the following error message:

37 Unable to get private key from 'certs/server.pem'
37 SSL_CTX_use_key_file
: error:0906D06C:PEM routines:PEM_read_bio:no start line
37 Error setting up certificate
38 Unable to get private key from 'certs/server.pem'
38 SSL_CTX_use_key_file
: error:0906D06C:PEM routines:PEM_read_bio:no start line
38 Error setting up certificate
38 SSL_accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Thus far I've gotten the certificate from Internet Explorer and using the
openssl utility, but there's no private key that I can capture thus far. Does
it have to have a private key in the certificate? If so, can openssl create a
complete certificate file?

Andrew Thompson
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
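
A pre-flight check for the "no start line" error in the post above, as an added example that is not part of the original message or of OpenSSL. It makes no OpenSSL calls: it lists which PEM block types a file's text contains, on the assumption that matching labels ending in "CERTIFICATE" or "PRIVATE KEY" approximates what OpenSSL's PEM readers accept. The sample file contents and base64 bodies are constructed placeholders.

```c
#include <stdio.h>
#include <string.h>

#define PEM_HAS_CERT 0x1   /* a "... CERTIFICATE" block is present */
#define PEM_HAS_KEY  0x2   /* a "... PRIVATE KEY" block is present */

/* Constructed sample: what the post describes (subject/issuer text + one cert). */
static const char CERT_ONLY[] =
    "subject=/CN=www.example.test\n"
    "issuer=/CN=Example Test CA\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END CERTIFICATE-----\n";

/* Constructed sample: the same kind of file with a key block appended (CRLF). */
static const char CERT_AND_KEY[] =
    "-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n"
    "-----BEGIN RSA PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n-----END RSA PRIVATE KEY-----\r\n";

static int ends_with(const char *s, size_t n, const char *suffix) {
    size_t m = strlen(suffix);
    return n >= m && memcmp(s + n - m, suffix, m) == 0;
}

/* Scan PEM text for "-----BEGIN <label>-----" lines; other text is skipped. */
int pem_scan(const char *text) {
    static const char pre[] = "-----BEGIN ";
    const size_t plen = sizeof pre - 1;
    int found = 0;
    for (const char *line = text; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        /* Trim trailing CR and spaces before comparing the header. */
        while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == ' ')) len--;
        if (len > plen + 5 && memcmp(line, pre, plen) == 0 &&
            memcmp(line + len - 5, "-----", 5) == 0) {
            const char *label = line + plen;
            size_t llen = len - plen - 5;
            if (ends_with(label, llen, "CERTIFICATE")) found |= PEM_HAS_CERT;
            if (ends_with(label, llen, "PRIVATE KEY")) found |= PEM_HAS_KEY;
        }
        line = eol ? eol + 1 : NULL;
    }
    return found;
}

int main(void) {
    int f = pem_scan(CERT_ONLY);
    printf("cert=%d key=%d\n", !!(f & PEM_HAS_CERT), !!(f & PEM_HAS_KEY));
    return (f & PEM_HAS_KEY) ? 0 : 1;  /* non-zero: no key block to load */
}
```

A file that yields only PEM_HAS_CERT has no start line for a private key, which is the condition the logged PEM_read_bio error reports.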
