On Sun, Sep 7, 2014 at 10:26 PM, Liz Fall <f...@sbcglobal.net> wrote:
> All,
>
>
>
> I am getting the following with my client cert when trying to connect to
> an SSL-enabled MongoDB:
>
>
>
> 2014-09-03T13:37:56.881-0500 ERROR: cannot read PEM key file:
> /users/apps/tstlrn/u019807/DTCD9C3B2F42757.ent.wfb.bank.corp_mongo_wells.pem
> error:0906D06C:PEM routines:PEM_read_bio:no start line
>
I just tried to duplicate with a key (not a certificate) that uses line
breaks at 76 characters. I don't have a certificate because my routines
don't support certificates. But it should reveal a little about the OpenSSL
parser.
Reading the public and private keys were OK when the line size was 76 (see
below). So the OpenSSL parser is lenient during a read. This seems very
reasonable to me.
Reading an encrypted private key resulted in an error "PEM_read_bio:bad end
line:pem_lib.c:802" when the line size was 76 (see below). This kind of
surprised me.
Since you are receiving the "no start line" error (and not another error),
I would suspect you are reading an ASN.1/DER encoded certificate; and not a
PEM encoded certificate. The error occured before anything related to line
lengths.
Can you post the X509 certificate for inspection?
Jeff
**********
# Line breaks at 76
$ cat rsa-pub-xxx.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDse17vxd2lkVIxwt1gkipo0EZo3NdDhIvPRowZ
6hfRM1n3+8NlS4Qw76PvM1EMR9FXCFTBtv9zzZ7OkNH84LgG6mbNS28PuWeUFmMZumdLbT4KNu2U
pttFup08OUEIlrmkeP1GqMCfaVcbCfl0tScpCMeEhXUpiIvtzUin2kqGHQIDAQAB
-----END PUBLIC KEY-----
# Line breaks at 76
$ cat rsa-priv-xxx.pem
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDse17vxd2lkVIxwt1gkipo0EZo3NdDhIvPRowZ6hfRM1n3+8NlS4Qw76PvM1EM
R9FXCFTBtv9zzZ7OkNH84LgG6mbNS28PuWeUFmMZumdLbT4KNu2UpttFup08OUEIlrmkeP1GqMCf
aVcbCfl0tScpCMeEhXUpiIvtzUin2kqGHQIDAQABAoGBAJqxzZW98tMW8BS7K0O7+eActqJsLKjv
MOIDfSyKlM/17pmo6NX/g1bbvHqCMDd/V3K+cWtTAWJIlOT9mU/51Ib3h29xEQQ6Ql/ubMPAmm/t
f7itQMxn5FVY+ZA2/pL/mDzAdMuLeS/1TcHCqjbpAL8VaZjHTqztHBcVcNzbIQ6BAkEA/e7hE6WV
caAoFEVfoZW0AIjwWpziQdI1bhNAi70fxWEU1kSq2ZZZhqxU4G37IKmVfBnx3CSzCgp5daPqUpEO
oQJBAO5oIOgVf3GqL03fA6N3s2gx9L4VzAaZZynDF6yjhCCAXs8uUSEYKL32a17dFq+0SrQUSS2J
Tylsz2cv+Uk6cf0CQQCV5RLb5BypbB78iE8BNTuCLVOkSYON0yZTCe5KDqPYgYwpR3OK6aODSer4
aDObfj+NeEs65jcBsFkuRkol3xbBAkEAiN+rlNNS2fU1N2YEdsNwcy/LLZ7iBh/ohKeHXgx6/RX2
WMhkt7VhHr7tIgeY0MOX6A+Fe+lLU6Mu6DU4z/wIGQJAQfEGaJbtaq8bLu6m2VYPpGig1NyBx9i8
kF/E+JC9ZSYh//5nhp6+lBbxceDcijPqnKGZlMYS51nPLSHQBRqbog==
-----END RSA PRIVATE KEY-----
# Line breaks at 76, password is "test"
$ cat rsa-enc-priv-xxx.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,8878824B00BA92932DC5AA1E4A9F12E0
klcOjPvZmj/19sUcf031oUckm2YUw7nEp6UtSbs41OKd2TyRfveNl4vv3J8AzOh18AqPPSKR3chM
8lSvKIdcksieh8raqr2s5wMd8ds/mDkguoVWGVnN8f+FKoVTny7OMhXAbQhk2ZXwZMEU5Q8M/Jnj
3ZfrbgcLYH50UoPlkgD6Y0krcNB+TDJEMvErn7G6RedrDPOjQ2gFCmRSE6Yuqtcgl5JaVS+1UT8Z
4l+EMuUjQcBiwuSQNxgfwyGQ3g/2maluLJsEKHDQhAKufe2c7lXlK/0MdHY+q4RbNLmGBigHb97U
A5jTZl5+dBrQgtgPx7V13F/7EHT6m2KrYSDvfoPadcT65sT1ukoZF5rvbdRcN1QtVetVrymwM5XU
8CrlSz6tihleipPx27JUA7WQjIQc/Kk7R0e1dNB0oEkgd0i5+20bg+4/Keh0t5fwkXlyrCwjEItT
zoC0Hm2dvXG6BTm1OUyRL94DxStVmqRpwDbthbEUqxYWrxTgWKu+noGYu3xJFI6plKEHTY+YMxjm
azeyV8CE0HGwRXTBHpj47bekt5dpxMxZasgeIJqHrUI3am+CijdJTHQyHU3Zxk7rdiLha1inpN6M
Z+ImQxqzm22e4/KMnTxcZ7L6hNzCKXgAGZ9gdg2uV+fwwyFRwzLDWMbQFeYH10yHB6Ua6Wg2LZdr
+NTuJlrMykVULD382XszNMLFtJGl46lpJ9XKWTTIX4e5Fg5N1WSHS2gD8YLxtRzd9vM9ewsZOMtw
gqw5uK7GSJUo8FHKtYuLGKY0jnVHFm2VnYo+76RXQxmJyo+ANmALJCJENCZDMm0I0pRGgRVV
-----END RSA PRIVATE KEY-----
$ openssl rsa -in rsa-pub-xxx.pem -pubin -text -noout
Public-Key: (1024 bit)
Modulus:
00:ec:7b:5e:ef:c5:dd:a5:91:52:31:c2:dd:60:92:
2a:68:d0:46:68:dc:d7:43:84:8b:cf:46:8c:19:ea:
17:d1:33:59:f7:fb:c3:65:4b:84:30:ef:a3:ef:33:
51:0c:47:d1:57:08:54:c1:b6:ff:73:cd:9e:ce:90:
d1:fc:e0:b8:06:ea:66:cd:4b:6f:0f:b9:67:94:16:
63:19:ba:67:4b:6d:3e:0a:36:ed:94:a6:db:45:ba:
9d:3c:39:41:08:96:b9:a4:78:fd:46:a8:c0:9f:69:
57:1b:09:f9:74:b5:27:29:08:c7:84:85:75:29:88:
8b:ed:cd:48:a7:da:4a:86:1d
Exponent: 65537 (0x10001)
$ openssl rsa -in rsa-priv-xxx.pem -text -noout
Private-Key: (1024 bit)
modulus:
00:ec:7b:5e:ef:c5:dd:a5:91:52:31:c2:dd:60:92:
2a:68:d0:46:68:dc:d7:43:84:8b:cf:46:8c:19:ea:
17:d1:33:59:f7:fb:c3:65:4b:84:30:ef:a3:ef:33:
51:0c:47:d1:57:08:54:c1:b6:ff:73:cd:9e:ce:90:
d1:fc:e0:b8:06:ea:66:cd:4b:6f:0f:b9:67:94:16:
63:19:ba:67:4b:6d:3e:0a:36:ed:94:a6:db:45:ba:
9d:3c:39:41:08:96:b9:a4:78:fd:46:a8:c0:9f:69:
57:1b:09:f9:74:b5:27:29:08:c7:84:85:75:29:88:
8b:ed:cd:48:a7:da:4a:86:1d
publicExponent: 65537 (0x10001)
privateExponent:
00:9a:b1:cd:95:bd:f2:d3:16:f0:14:bb:2b:43:bb:
f9:e0:1c:b6:a2:6c:2c:a8:ef:30:e2:03:7d:2c:8a:
94:cf:f5:ee:99:a8:e8:d5:ff:83:56:db:bc:7a:82:
30:37:7f:57:72:be:71:6b:53:01:62:48:94:e4:fd:
99:4f:f9:d4:86:f7:87:6f:71:11:04:3a:42:5f:ee:
6c:c3:c0:9a:6f:ed:7f:b8:ad:40:cc:67:e4:55:58:
f9:90:36:fe:92:ff:98:3c:c0:74:cb:8b:79:2f:f5:
4d:c1:c2:aa:36:e9:00:bf:15:69:98:c7:4e:ac:ed:
1c:17:15:70:dc:db:21:0e:81
prime1:
00:fd:ee:e1:13:a5:95:71:a0:28:14:45:5f:a1:95:
b4:00:88:f0:5a:9c:e2:41:d2:35:6e:13:40:8b:bd:
1f:c5:61:14:d6:44:aa:d9:96:59:86:ac:54:e0:6d:
fb:20:a9:95:7c:19:f1:dc:24:b3:0a:0a:79:75:a3:
ea:52:91:0e:a1
prime2:
00:ee:68:20:e8:15:7f:71:aa:2f:4d:df:03:a3:77:
b3:68:31:f4:be:15:cc:06:99:67:29:c3:17:ac:a3:
84:20:80:5e:cf:2e:51:21:18:28:bd:f6:6b:5e:dd:
16:af:b4:4a:b4:14:49:2d:89:4f:29:6c:cf:67:2f:
f9:49:3a:71:fd
exponent1:
00:95:e5:12:db:e4:1c:a9:6c:1e:fc:88:4f:01:35:
3b:82:2d:53:a4:49:83:8d:d3:26:53:09:ee:4a:0e:
a3:d8:81:8c:29:47:73:8a:e9:a3:83:49:ea:f8:68:
33:9b:7e:3f:8d:78:4b:3a:e6:37:01:b0:59:2e:46:
4a:25:df:16:c1
exponent2:
00:88:df:ab:94:d3:52:d9:f5:35:37:66:04:76:c3:
70:73:2f:cb:2d:9e:e2:06:1f:e8:84:a7:87:5e:0c:
7a:fd:15:f6:58:c8:64:b7:b5:61:1e:be:ed:22:07:
98:d0:c3:97:e8:0f:85:7b:e9:4b:53:a3:2e:e8:35:
38:cf:fc:08:19
coefficient:
41:f1:06:68:96:ed:6a:af:1b:2e:ee:a6:d9:56:0f:
a4:68:a0:d4:dc:81:c7:d8:bc:90:5f:c4:f8:90:bd:
65:26:21:ff:fe:67:86:9e:be:94:16:f1:71:e0:dc:
8a:33:ea:9c:a1:99:94:c6:12:e7:59:cf:2d:21:d0:
05:1a:9b:a2
$ openssl rsa -in rsa-enc-priv-xxx.pem -passin pass:test -text -noout
unable to load Private Key
140735192314332:error:0906D066:PEM routines:PEM_read_bio:bad end
line:pem_lib.c:802:
