Hallo Alessandro

I am a bit out of ideas. Perhaps you could try downloading, compiling,
and linking to the newest version of mbedtls? The official distribution
also contains a bunch of programs (similar to the "openssl" command)
which could be helpful in debugging this issue. Worth a try...

Failing that you could perhaps open a bug report on their mailing list.

On Tue, 2020-10-20 at 13:19 +0000, Alessandro Baldoni via pound wrote:
> Hello Robert, I ran the openssl command again with version 1.1.1 and
> now the output is:
> 
> Private-Key: (2048 bit, 2 primes)
> modulus:
> publicExponent: 65537 (0x10001)
> privateExponent:
> prime1:
> prime2:
> exponent1:
> exponent2:
> coefficient:
> 
> The previous output was with openssl 1.0.2e
> Kind regards,
> Unione della Romagna Faentina
> dr. Alessandro Baldoni
> Servizio Informatica
> Via Severoli 7
> 48018 Faenza RA
> 0546 691224
> alessandro.bald...@romagnafaentina.it
> p...@cert.romagnafaentina.it
> ________________________________
> From: Robert Segall <ro...@apsis.ch>
> Sent: Monday, October 19, 2020 14:48
> To: Alessandro Baldoni <alessandro.bald...@romagnafaentina.it>; 
> pound@apsis.ch <pound@apsis.ch>
> Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
> 
> Hallo Alessandro
> 
> By "wrong values" I meant primes that do not result in the advertised
> number of bits (for example). This is very unlikely, but not outright
> impossible.
> 
> What worries me more is that in your printout I see "Private-Key:
> (2048 bit)" rather than "RSA Private-Key: (2048 bit, 2 primes)". I believe
> mbedtls (like other TLS1.3 implementations) is rather picky about the
> tags used. Could you possibly check with your certificate provider for
> the reasons? Perhaps they could generate a new certificate with fully
> compliant tags just for testing purposes? Alternately, I know the
> latest versions of openssl generate these tags, so perhaps you could
> create a self-signed certificate just for testing?
> 
> BTW: this could also explain the issues people had with Pound 2.8:
> using a newer openssl version may have a similar effect.
> 
> On Mon, 2020-10-19 at 10:40 +0000, Alessandro Baldoni wrote:
> > Hello Robert, this is the output of the SSL command (values
> > removed):
> > 
> > Private-Key: (2048 bit)
> > modulus:
> > publicExponent: 65537 (0x10001)
> > privateExponent:
> > prime1:
> > prime2:
> > exponent1:
> > exponent2:
> > coefficient:
> > 
> > What do you mean by "a problem of wrong values"?
> > 
> > Kind regards,
> > 
> > Unione della Romagna Faentina
> > dr. Alessandro Baldoni
> > Servizio Informatica
> > Via Severoli 7
> > 48018 Faenza RA
> > 0546 691224
> > alessandro.bald...@romagnafaentina.it
> > p...@cert.romagnafaentina.it
> > ________________________________
> > From: Robert Segall via pound <pound@apsis.ch>
> > Sent: Monday, October 19, 2020 11:12
> > To: pound@apsis.ch <pound@apsis.ch>
> > Cc: Robert Segall <ro...@apsis.ch>
> > Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
> > 
> > Hallo Alessandro
> > 
> > Please have a look at your private key and check what it contains. To
> > see it use the command "openssl rsa -noout -text -in cert.pem". The
> > expected output:
> > 
> > RSA Private-Key: (... bit, 2 primes)
> > modulus:
> > ...
> > publicExponent: ... (...)
> > privateExponent:
> > ...
> > prime1:
> > ...
> > prime2:
> > ...
> > exponent1:
> > ...
> > exponent2:
> > ...
> > coefficient:
> > ...
> > 
> > If your key looks different it may cause issues, otherwise it may be a
> > problem of wrong values.
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-32-512 30 19
> 
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19


-- 
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
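
A way to see which PEM blocks and labels a combined certificate/key file such as cert.pem actually contains before handing it to the TLS library. This is an added example, not part of the thread and not Pound or mbedtls code; it assumes the "tags" discussed are the PEM BEGIN/END labels, and the function name, label table and sample payload are constructed for illustration.

```python
import base64
import re

# Labels commonly seen in a combined certificate/key PEM file.
KNOWN_LABELS = {
    "CERTIFICATE": "X.509 certificate",
    "RSA PRIVATE KEY": "PKCS#1 RSA private key",
    "PRIVATE KEY": "PKCS#8 private key (unencrypted)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 private key (passphrase protected)",
    "EC PRIVATE KEY": "SEC1 EC private key",
}

BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)

def inventory_pem(text):
    """Return one (label, description, problem) tuple per PEM block, in file order."""
    results = []
    for begin, body, end in BLOCK_RE.findall(text):
        problem = None
        if begin != end:
            problem = f"BEGIN/END mismatch ({begin!r} vs {end!r})"
        elif "Proc-Type:" in body:
            problem = "legacy encrypted PEM (Proc-Type header)"
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
                if not der or der[0] != 0x30:  # DER keys and certs start with SEQUENCE
                    problem = "payload is not a DER SEQUENCE"
            except ValueError:  # binascii.Error is a ValueError subclass
                problem = "payload is not valid base64"
        results.append((begin, KNOWN_LABELS.get(begin, "unrecognised label"), problem))
    return results

# Constructed sample: a tiny DER SEQUENCE stands in for real certificate/key bytes.
PAYLOAD = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
SAMPLE = (
    f"-----BEGIN CERTIFICATE-----\n{PAYLOAD}\n-----END CERTIFICATE-----\n"
    f"-----BEGIN PRIVATE KEY-----\n{PAYLOAD}\n-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for label, desc, problem in inventory_pem(SAMPLE):
        print(f"{label}: {desc}" + (f" [{problem}]" if problem else ""))
```

The check reads only the armor lines and the first DER byte, so it can be run on a production file without printing any key material.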
