Hello Robert, I managed to get rid of the error so I thought it useful to share.
I used openssl to read and write back the private key:

openssl rsa -in private.key -out private_same.key

And it did the magic!
I came to this solution by applying a KB article for Citrix NetScaler (that I 
own) which can be picky about private keys.

Now, however, I get a SIGSEGV:

...omitted...

address 192.168.1.72 /root/Pound-3.0e/src/config.c:509
port 890 /root/Pound-3.0e/src/config.c:512
start get_certificates /root/Pound-3.0e/src/config.c:451
start get_one(/etc/pound/c.pem) /root/Pound-3.0e/src/config.c:377
start get_services /root/Pound-3.0e/src/config.c:209
HeadRequire Host: .*xxx.yyy.zzz.* /root/Pound-3.0e/src/config.c:237
push /root/Pound-3.0e/src/config.c:258
Segmentation fault (core dumped)


Program received signal SIGSEGV, Segmentation fault.
0x0000000000409c5e in get_https (root=0x4328e0, root=0x4328e0,
    document=0x7fffffffcb10) at /root/Pound-3.0e/src/config.c:548
548        if(res.sni[0]->certificate.next != NULL)

Is there any info I can provide to help debug the problem?

Kind regards,

Unione della Romagna Faentina
dr. Alessandro Baldoni
Servizio Informatica
Via Severoli 7
48018 Faenza RA
0546 691224
alessandro.bald...@romagnafaentina.it
p...@cert.romagnafaentina.it
________________________________
From: Robert Segall via pound <pound@apsis.ch>
Sent: Thursday, October 22, 2020 18:16
To: pound@apsis.ch <pound@apsis.ch>
Cc: Robert Segall <ro...@apsis.ch>
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file


Hallo Alessandro

I am a bit out of ideas. Perhaps you could try downloading, compiling,
and linking to the newest version of mbedtls? The official distribution
also contains a bunch of programs (similar to the "openssl" command)
which could be helpful in debugging this issue. Worth a try...

Failing that you could perhaps open a bug report on their mailing list.

On Tue, 2020-10-20 at 13:19 +0000, Alessandro Baldoni via pound wrote:
> Hello Robert, I ran the openssl command again with version 1.1.1 and
> now the output is:
>
> Private-Key: (2048 bit, 2 primes)
> modulus:
> publicExponent: 65537 (0x10001)
> privateExponent:
> prime1:
> prime2:
> exponent1:
> exponent2:
> coefficient:
>
> The previous output was with openssl 1.0.2e
> Kind regards,
> Unione della Romagna Faentina
> dr. Alessandro Baldoni
> Servizio Informatica
> Via Severoli 7
> 48018 Faenza RA
> 0546 691224
> alessandro.bald...@romagnafaentina.it
> p...@cert.romagnafaentina.it
> ________________________________
> From: Robert Segall <ro...@apsis.ch>
> Sent: Monday, October 19, 2020 14:48
> To: Alessandro Baldoni <alessandro.bald...@romagnafaentina.it>;
> pound@apsis.ch <pound@apsis.ch>
> Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
>
> Hallo Alessandro
>
> By "wrong values" I meant primes that do not result in the advertised
> number of bits (for example). This is very unlikely, but not outright
> impossible.
>
> What worries me more is that in your printout I see "Private-Key:
> (2048 bit)" rather than "RSA Private-Key: (2048 bit, 2 primes)". I
> believe mbedtls (like other TLS1.3 implementations) is rather picky
> about the tags used. Could you possibly check with your certificate
> provider for the reasons? Perhaps they could generate a new
> certificate with fully compliant tags just for testing purposes?
> Alternately, I know the latest versions of openssl generate these
> tags, so perhaps you could create a self-signed certificate just for
> testing?
>
> BTW: this could also explain the issues people had with Pound 2.8:
> using a newer openssl version may have a similar effect.
>
> On Mon, 2020-10-19 at 10:40 +0000, Alessandro Baldoni wrote:
> > Hello Robert, this is the output of the SSL command (values removed):
> >
> > Private-Key: (2048 bit)
> > modulus:
> > publicExponent: 65537 (0x10001)
> > privateExponent:
> > prime1:
> > prime2:
> > exponent1:
> > exponent2:
> > coefficient:
> >
> > What do you mean by "a problem of wrong values"?
> >
> > Kind regards,
> >
> > Unione della Romagna Faentina
> > dr. Alessandro Baldoni
> > Servizio Informatica
> > Via Severoli 7
> > 48018 Faenza RA
> > 0546 691224
> > alessandro.bald...@romagnafaentina.it
> > p...@cert.romagnafaentina.it
> > ________________________________
> > From: Robert Segall via pound <pound@apsis.ch>
> > Sent: Monday, October 19, 2020 11:12
> > To: pound@apsis.ch <pound@apsis.ch>
> > Cc: Robert Segall <ro...@apsis.ch>
> > Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
> >
> > Hallo Alessandro
> >
> > Please have a look at your private key and check what it contains.
> > To see it use the command "openssl rsa -noout -text -in cert.pem".
> > The expected output:
> >
> > RSA Private-Key: (... bit, 2 primes)
> > modulus:
> > ...
> > publicExponent: ... (...)
> > privateExponent:
> > ...
> > prime1:
> > ...
> > prime2:
> > ...
> > exponent1:
> > ...
> > exponent2:
> > ...
> > coefficient:
> > ...
> >
> > If your key looks different it may cause issues, otherwise it may
> > be a problem of wrong values.
> --
> Robert Segall
> Apsis GmbH
> Postfach, Uetikon am See, CH-8707
> Tel: +41-32-512 30 19
>
--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19


--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
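
Added example, not part of the thread and not code from Pound or mbedtls: a shell check that lists the PEM blocks in a file and flags encoding properties that change when a key is read and written back with `openssl rsa`, so the original and rewritten files can be compared. The thread does not say what was wrong with the original key; the function name `pem_report` and the set of checks are assumptions, and the sample input is constructed with placeholder bodies.

```shell
#!/bin/sh
# pem_report FILE: print one line per PEM block, plus WARN lines for
# properties that vary between encodings of the same key.
# Returns 0 when nothing was flagged, 1 otherwise.
pem_report() {
    awk '
    { if (sub(/\r$/, "")) crlf = 1 }            # note and strip carriage returns
    /^-----BEGIN .*-----$/ {
        label = $0
        sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
        n++; inblock = 1; kind = "other"
        if (label == "RSA PRIVATE KEY")       kind = "PKCS#1 RSA key (traditional)"
        if (label == "PRIVATE KEY")           kind = "PKCS#8 key, unencrypted"
        if (label == "ENCRYPTED PRIVATE KEY") kind = "PKCS#8 key, encrypted"
        if (label == "CERTIFICATE")           kind = "X.509 certificate"
        printf "block %d: %s [%s]\n", n, label, kind
        if (label == "ENCRYPTED PRIVATE KEY") {
            print "WARN: block " n " is passphrase-protected"; warn = 1
        }
        next
    }
    /^-----END .*-----$/ { inblock = 0; next }
    inblock && /^Proc-Type: 4,ENCRYPTED/ {      # legacy encrypted PKCS#1 header
        print "WARN: block " n " is passphrase-protected"; warn = 1
    }
    !inblock && NF {                            # e.g. "Bag Attributes" from a PKCS#12 export
        if (!stray++) print "WARN: text outside PEM blocks, line " NR ": " $0
        warn = 1
    }
    END {
        if (crlf) { print "WARN: CRLF line endings"; warn = 1 }
        if (!n)   { print "WARN: no PEM block found"; warn = 1 }
        exit (warn ? 1 : 0)
    }' "$1"
}

# Constructed sample (placeholder body, not real key material).
sample=$(mktemp)
printf 'Bag Attributes\r\n-----BEGIN PRIVATE KEY-----\r\nAAAA\r\n-----END PRIVATE KEY-----\r\n' > "$sample"
pem_report "$sample" || echo "flagged: compare with the file openssl wrote back"
rm -f "$sample"
```

Running it on both `private.key` and `private_same.key` shows which of these properties the rewrite changed.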