Hi all.
I have been trying lately to debug a startup issue in APACHE's httpd
service; and the last logs I receive in "/etc/httpd/logs_error_log" is
#####################################################################################################################
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch
#####################################################################################################################
As part of some desperate attempts, I downloaded source-rpms of "httpd" and
"openssl", and tracked down the source from where error-emanates.
Following is the code-snippet from "crypto/x509/x509_cmp.c"
######################################################################################################################
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk;
int ret;
xk=X509_get_pubkey(x);
if (xk)
ret = EVP_PKEY_cmp(xk, k);
else
ret = -2;
switch (ret)
{
case 1:
break;
case 0:
X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
break;
case -1:
X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
break;
case -2:
X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
}
if (xk)
EVP_PKEY_free(xk);
if (ret > 0)
return 1;
return 0;
}
######################################################################################################################
After the call to " ret = EVP_PKEY_cmp(xk, k);", 0 is being returned as
return value.
So, my query is ::
_What do the parameters "X509 *x, EVP_PKEY *k" correspond to_ ?
My guess is that "x" corresponds to a ".crt" file, while "k" corresponds to
a "key" file.
The values at my side are ::
ssl.crt
---------
#######################################################################################################################
-----BEGIN CERTIFICATE-----
MIICUDCCAbmgAwIBAgIJAOupq9QBcIRCMA0GCSqGSIb3DQEBBQUAMEExFjAUBgNV
BAMMDWFqYXkuZ2FyZy5jb20xJzAlBgkqhkiG9w0BCQEWGGFqYXlAYWN0aXZpdHlj
ZW50cmFsLmNvbTAeFw0xMjAzMjIxNDAwMzVaFw0xMzAzMjIxNDAwMzVaMEExFjAU
BgNVBAMMDWFqYXkuZ2FyZy5jb20xJzAlBgkqhkiG9w0BCQEWGGFqYXlAYWN0aXZp
dHljZW50cmFsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAntF9ouTD
HNXB4k/phcTbyAp6EP0a3r6CjEGFrD424Yi8eeOgXCwo4s/hh9tadl/8uLxw50y+
0kQz+IGDCZMmfm3HjBgSM6E14Ju3exQE9VD+1W61FD2nwAXBNIXRUd01/E+OEk28
9nVHm7iSEsLOGEBjpbQnim3o0iBLsdAg/y8CAwEAAaNQME4wHQYDVR0OBBYEFOd+
nLQpcOK2zq5+wZwf5uV2/UngMB8GA1UdIwQYMBaAFOd+nLQpcOK2zq5+wZwf5uV2
/UngMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAUsx+2loW96Aq6fG5
/TBx99Uwnf0p3b52RQ+99CQQj3MQqiuvvvkn1w3joGLK51Xc3sR7/T6bn5BR1vBk
p2g/HmmAHZlTLOJeV9fEofyGf0/Gv7OqpO4NAtBfCd6crdrv3Q37SPppsQ0dkLOs
wQAMLtx4u7QQWze0P7FPCAjE+ZQ=
-----END CERTIFICATE-----
#######################################################################################################################
ssl.key
----------
########################################################################################################################
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAJ7RfaLkwxzVweJP
6YXE28gKehD9Gt6+goxBhaw+NuGIvHnjoFwsKOLP4YfbWnZf/Li8cOdMvtJEM/iB
gwmTJn5tx4wYEjOhNeCbt3sUBPVQ/tVutRQ9p8AFwTSF0VHdNfxPjhJNvPZ1R5u4
khLCzhhAY6W0J4pt6NIgS7HQIP8vAgMBAAECgYApRPrGx3dEGO/G5Ukjb6JE+yP5
IixHUW4PED+yIICWXrfLXLEhAoClX6uVaBS7yfmb76vPDwxPC1YN72mjpU9NBmDt
DxGloXEulrHyCtULykVfpWFxQ/sDgxyve7OhmDJPANELkyUKz4bCfcItML3jY3Si
wyjfA/xyCmmOt1xOQQJBAMv5WDFqmk0r9HCM0RHaxxKvPtH37CJjtkzQMVacneZT
0gePS+pwmTTvh58h4vND+IBIfsVfrqFPRx9fXUKPstECQQDHU6r8pr8iFtmPe/Ka
TiiZ/YsWEC9zcObn3os4iglwy/1RWDYTMmtQImm3LVbCtz+/vrM/TJdUShT1Bgxx
vhH/AkAt8cpFx0deXqo+t9lX9jmlIcg6r2eHD4K+pp6Wbcy7VuIWRdbJxfccj1+z
HoTqWsMc0jeL6dOCDkNs86QkHA4hAkA0QH6mVJ/uM8c8keV7Bdom5Aw98Gg//uzJ
A9HDNIxdAVyaomEqjyEKlLrZxgzkZl1Tyo36nf1dnz33LWq9tnHJAkBO2h8KJbWh
9SzvU0xH9neKRVGRL7XppIVGrNOVKIok4zvm5I9SoC/3u9vbG+LtlBdbRKTn5s0E
IvP7lBIUuBOg
-----END PRIVATE KEY-----
########################################################################################################################
So, is a return value of "0" expected for these?
Looking forward to a reply.
Thanks and Regards,
Ajay
