Re: [openssl-dev] [openssl.org #4673] a weird error, please help to check whether is it a bug. thanks!

> On Sep 12, 2016, at 4:08 PM, zy_chongqing via RT wrote:
>
> SSL_CTX_use_certificate_file returns 0, and the log shows:
> error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
>
> 1. This program is running well on one server, but failed on another.
>    Actually these 2 servers are in a mirror relationship.
> 2. I checked the pem file (as attached); it is also the same on the two servers.
> 3. I checked the error reason, but cannot find any description of it on the website.
>
> I am almost crazy for this issue, would you help to check what's the reason
> of this error for me? Thanks a lot!
>
> my OS: Linux version 3.7.10-1.1-desktop (geeko@buildhost) (gcc version 4.7.2
> 20130108 [gcc-4_7-branch revision 195012] (SUSE Linux) ) #1 SMP PREEMPT Thu
> Feb 28 15:06:29 UTC 2013 (82d3f21)
> OpenSSL version: OpenSSL 1.1.0 25 Aug 2016
>
> thanks & Regards!

Use stronger keys, see:

https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_security_level.html

--
Viktor.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] [openssl.org #4673] a weird error, please help to check whether is it a bug. thanks!

Hello,

I have a function to initialize the CTX as below:

    #include <openssl/ssl.h>
    #include <openssl/err.h>

    #define CA_CERT_PATH    "./pem"
    #define RSA_CLIENT_CERT "./pem/PushChatCert.pem"
    #define RSA_CLIENT_KEY  "./pem/PushChatKey.pem"

    bool CAPNSClient::InitCTX()
    {
        /* Initialise the library, error strings and algorithm tables */
        SSL_library_init();
        SSL_load_error_strings();
        OpenSSL_add_all_algorithms();

        m_pMeth = TLS_client_method();
        m_pCtx = SSL_CTX_new(m_pMeth);
        if (NULL == m_pCtx)
        {
            ERRLOG("Could not get SSL Context");
            return false;
        }

        /* Trusted CA certificates are looked up in the CA_CERT_PATH directory */
        if (0 == SSL_CTX_load_verify_locations(m_pCtx, NULL, CA_CERT_PATH))
        {
            ERRLOG("Failed to set CA location:%s", ERR_error_string(ERR_get_error(), NULL));
            return false;
        }

        /* Client certificate; this is the call that fails with "ee key too small" */
        if (0 == SSL_CTX_use_certificate_file(m_pCtx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM))
        {
            ERRLOG("Cannot use Certificate File:%s", ERR_error_string(ERR_get_error(), NULL));
            return false;
        }

        /* Passphrase handed to the default password callback for the private key */
        SSL_CTX_set_default_passwd_cb_userdata(m_pCtx, (void*)"Memo_Server");
        if (0 == SSL_CTX_use_PrivateKey_file(m_pCtx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM))
        {
            ERRLOG("Cannot use Private Key:%s", ERR_error_string(ERR_get_error(), NULL));
            return false;
        }

        /* Check that the client certificate and private key match */
        if (0 == SSL_CTX_check_private_key(m_pCtx))
        {
            ERRLOG("Private key does not match the certificate public key");
            return false;
        }

        return true;
    }

SSL_CTX_use_certificate_file returns 0, and the log shows:

    error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

1. This program is running well on one server, but failed on another.
   Actually these 2 servers are in a mirror relationship.
2. I checked the pem file (as attached); it is also the same on the two servers.
3. I checked the error reason, but cannot find any description of it on the website.

I am almost crazy for this issue, would you help to check what's the reason
of this error for me? Thanks a lot!

my OS: Linux version 3.7.10-1.1-desktop (geeko@buildhost) (gcc version 4.7.2
20130108 [gcc-4_7-branch revision 195012] (SUSE Linux) ) #1 SMP PREEMPT Thu
Feb 28 15:06:29 UTC 2013 (82d3f21)
OpenSSL version: OpenSSL 1.1.0 25 Aug 2016

thanks & Regards!

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4673
Please log in as guest with password guest if prompted

Attachment: PushChatCert.pem
Description: Binary data
[openssl-dev] [openssl.org #4130] Provide enginesdir in pkgconfig file
Fixed in the 1.1.0 and 1.0.2 branches, as well as master. Closing ticket.

Thank you!

Cheers,
Richard

On Mon Nov 09 08:15:26 2015, dw...@infradead.org wrote:
> External engines such as engine_pkcs11 want to install into
> $ENGINESDIR. Would be nice if we could tell where it is by using
> $(pkg-config --variable=enginesdir openssl)
>
> It's theoretically possible to find it by defining HEADER_CRYPTLIB_H
> and then including opensslconf.h, although that's horrid enough even
> before you consider cross-compilation (i.e. you can't just use printf).
>
> Can we put it in openssl.pc please?
>
> (Of course, something as fundamental as engine_pkcs11 shouldn't be
> external anyway, but that's a different story...)
>

--
Richard Levitte
levi...@openssl.org

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4130
Please log in as guest with password guest if prompted