kjm33 opened a new issue, #11197: URL: https://github.com/apache/trafficserver/issues/11197
Apache Traffic Server - traffic_server - 9.2.3 - (build # 101116 on Oct 11 2023 at 16:11:14)

/etc/trafficserver/ssl_multicert.config

```
dest_ip=* ssl_cert_name=/etc/pki/tls/certs/cert.pem ssl_key_name=/etc/pki/tls/private/encrypted.key ssl_key_dialog=exec:/tmp/show_key
```

/tmp/show_key

```
#!/bin/sh
/usr/bin/echo SECRET_KEY
```

journalctl -xeu trafficserver.service

```
Mar 29 06:10:59 XXX traffic_manager[1432308]: Enter PEM pass phrase:
```

Errors:

```
[Mar 29 06:10:59.151] traffic_server DEBUG: <SSLUtils.cc:1024 (SSLPrivateKeyHandler)> (ssl_load) failed to load server private key (-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRY) from /etc/pki/tls/private/encrypted.key
[Mar 29 06:10:59.151] traffic_server ERROR: SSL::22753122588160:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
[Mar 29 06:10:59.151] traffic_server ERROR: SSL::22753122588160:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:545:while reading strings
[Mar 29 06:10:59.151] traffic_server ERROR: SSL::22753122588160:error:0906406D:PEM routines:PEM_def_callback:problems getting password:crypto/pem/pem_lib.c:59
[Mar 29 06:10:59.151] traffic_server ERROR: SSL::22753122588160:error:0906A068:PEM routines:PEM_do_header:bad password read:crypto/pem/pem_lib.c:434
```

Root cause: Missing pass phrase callback parameter (passwd_cb) for PEM_read_bio_PrivateKey function in SSLPrivateKeyHandler function.

I guess that was broken in https://github.com/apache/trafficserver/commit/7dbb6cb1881aa344edb1ab59dcbe3342171ea0a7#diff-cb865c0bc65fb8ef103a206282b78a50e0c1c9e93ca6713322ba9df9d921e6c9 because loading the same key with SSL_CTX_set_default_passwd_cb and SSL_CTX_use_PrivateKey_file works ok.

If I call PEM_read_bio_PrivateKey w/o the callback parameter I get the "Enter PEM pass phrase:" prompt exactly as in the logs from journalctl -xeu trafficserver.service

--
This is an automated message from the Apache Git Service.
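One way to confirm, outside traffic_server, that the key file is encrypted and that the `ssl_key_dialog=exec:` helper's output decrypts it, so a bad key or helper can be ruled out when triaging the failure reported above. This is an added example, not part of the original issue or of the Traffic Server code base; `check_key_dialog`, `make_sample_key` and `KEY_PASS` are hypothetical names, and running the helper through `sh -c` and using its first output line as the pass phrase is an assumption.

```shell
#!/bin/sh
# Added example (not from the issue or the Traffic Server source).

# check_key_dialog KEYFILE DIALOG_COMMAND
#   0  the first line printed by DIALOG_COMMAND decrypts KEYFILE
#   1  the helper printed nothing, or its output does not decrypt the key
#   2  KEYFILE is not an encrypted PEM private key
check_key_dialog() {
    key=$1
    dialog=$2
    # Traditional encrypted keys carry "Proc-Type: 4,ENCRYPTED" (as in the
    # log above); PKCS#8 ones use "BEGIN ENCRYPTED PRIVATE KEY".
    grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$key" ||
        return 2
    # Assumption: the helper is a shell command line whose first output
    # line is the pass phrase.
    pass=$(sh -c "$dialog" 2>/dev/null | head -n 1)
    [ -n "$pass" ] || return 1
    # Pass the phrase via the environment rather than argv; -noout only
    # tests that the key loads and prints nothing.
    KEY_PASS=$pass openssl pkey -in "$key" -passin env:KEY_PASS -noout \
        >/dev/null 2>&1 || return 1
    return 0
}

# make_sample_key OUTFILE PASSPHRASE
# Constructed test input: a throwaway encrypted RSA key.
make_sample_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "pass:$2" -out "$1" 2>/dev/null
}
```

For the setup in the report the call would be `check_key_dialog /etc/pki/tls/private/encrypted.key /tmp/show_key`; a result of 0 means the key and the helper are consistent with each other.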
