> On Jun 30, 2015, at 1:52 AM, mxb <m...@alumni.chalmers.se> wrote:
>
> I’m sorry but I can’t provide private key.
> It is basically production and not self-signed. Comes from Thawte.
>
> I’m able to produce output from ‘openssl enc -d base64 < key’,
> so issue from the link you pointed out is not on my side.
>
> I’m following OpenBSD-current by moving from snap to snap.
> I just actually started to deploy SSL acceleration with relayd, so I’m not
> aware on any prev. working snap. I had older snap which produced this issue,
> so I moved to up-to-date -CURRENT.
>
> Linux dist which working is FC20, with 'OpenSSL 1.0.1e-fips 11 Feb 2013’.
> I have 3 more key/cert pairs from Thawte. Those are OK both on FC20 and
> OpenBSD-current.
>
> Question how do I debug this?
> I’m happy to apply any patches for testing.

It would be interesting to see if you're hitting any of the extra checks added here:

https://github.com/libressl-portable/openbsd/commit/d1114a9633e1f7004537f5238a5f1f111898ebeb

Would you be comfortable adding some extra output to the various failure points in EVP_DecodeUpdate to see where we are bailing out?

> Br
> //mxb
>
>> On 30 jun 2015, at 05:25, Brent Cook <bust...@gmail.com> wrote:
>>
>> On Mon, Jun 29, 2015 at 1:22 AM, mxb <m...@alumni.chalmers.se> wrote:
>>> Hey,
>>>
>>> getting following error on OpenBSD-current as of yesterdays 'cvs up’:
>>
>> Does this imply that it worked in some earlier version of
>> OpenBSD-current? If so, what was the version that worked?
>>
>>> unable to load Private Key
>>> 30008934842236:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/pem/pem_lib.c:822:
>>>
>>> Cmd issued: 'openssl rsa -noout -modulus -in key’
>>>
>>> ‘openssl version’: LibreSSL 2.2
>>>
>>> This key is OK with openssl on Linux
>>
>> It's probably silly to ask for a copy of your private key, but could
>> you share an example of the input that is failing here? Maybe if you
>> can generate a new pem file?
>>
>> I seem to recall an actually invalid base64 encoding issue that was
>> reported last year. Does this seem relevant?
>>
>> http://tech.openbsd.narkive.com/tHdomkKq/libressl-base64-decoding-error
>>
>> Saying 'openssl on Linux' doesn't help us much (especially without a
>> sample of the input), though something like 'OpenSSL 1.0.1e on Ubuntu
>> 14.04' might if we had something to test against.
>>
>>> Br
>>>
>>> //mxb
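
Added example, not part of the original thread and not LibreSSL code: when a production key cannot be shared, a layout report that never prints key bytes can still show how the file's base64 body deviates from the RFC 7468 shape. The checks are generic layout checks, not necessarily the ones in the linked commit, and `lint_pem` and `make_pem` are hypothetical names.

```python
import base64
import re
import string

B64 = set(string.ascii_letters + string.digits + "+/=")
MARK = re.compile(r"^-----(BEGIN|END) [A-Z0-9 ]+-----$")

def lint_pem(text):
    """Return sorted [(line_no, issue)]; key bytes are never echoed."""
    findings, body, state = [], [], "pre"
    for no, raw in enumerate(text.split("\n"), 1):
        line = raw.strip()
        m = MARK.match(line)
        if state == "pre":
            if m and m.group(1) == "BEGIN":
                state = "body"
            continue
        if m and m.group(1) == "END":
            state = "done"
            break
        if raw != line:
            findings.append((no, "CR line ending" if raw.endswith("\r") else "stray whitespace"))
        if not body and (":" in line or not line):
            continue  # encapsulated headers (Proc-Type, DEK-Info) and blank separator
        bad = sum(ch not in B64 for ch in line)
        if bad or not line:
            findings.append((no, f"{bad} non-base64 character(s)" if bad else "blank line in body"))
        if line:
            body.append((no, line))
    if state != "done":
        findings.append((0, "missing BEGIN or END marker"))
    for i, (no, line) in enumerate(body):
        last = i == len(body) - 1
        if len(line) > 64 or (not last and len(line) < 64):
            findings.append((no, f"line length {len(line)}, RFC 7468 wraps at 64"))
        if "=" in (line.rstrip("=") if last else line):
            findings.append((no, "padding before end of data"))
    if sum(len(row) for _, row in body) % 4:
        findings.append((0, "total base64 length not a multiple of 4"))
    return sorted(findings)

def make_pem(width, eol="\n"):
    # Constructed sample: 120 fixed bytes, not a real key.
    b64 = base64.b64encode(bytes(range(120))).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return eol.join(["-----BEGIN RSA PRIVATE KEY-----", *rows, "-----END RSA PRIVATE KEY-----", ""])

if __name__ == "__main__":
    print(lint_pem(make_pem(76, "\r\n")))
```

A finding is an observation about the file's layout, not proof of what a given decoder rejects; comparing the report for the failing key against one of the working key/cert pairs narrows down which difference matters.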