"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes:
[snip]
> Ok, with the appended patch I was at least able to load PEM, DER+Base64 and
> plain DER server.crt and server.key files. Please try it out with your
> cert/keys and give me feedback, please.

Again, thank you Ralf. Well, it's late Friday night here in Seattle. And I'd
like to go home. I'll be in over the weekend to work on this, and other
things, some more. But I thought I'd at least let you know what the status
is on this.

The server cert appears to be read fine. But there is something foul with
the way the private key is being handled. I have no clue who is at fault,
but at any rate this is what is happening.

Our private key looks something like:

-----BEGIN ENCRYPTED PRIVATE KEY-----
[8 lines of Base64 encoded data]
-----END ENCRYPTED PRIVATE KEY-----

In ssleay/crypto/pem/pem_lib.c:PEM_ASN1_read_bio we have:

[1]  if ( (strcmp(nm,name) == 0) ||
[2]       ((strcmp(nm,PEM_STRING_RSA) == 0) &&
[3]        (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
[4]       ((strcmp(nm,PEM_STRING_DSA) == 0) &&
[5]        (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
[6]       ((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
[7]        (strcmp(name,PEM_STRING_X509) == 0)) ||
[8]       ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
[9]        (strcmp(name,PEM_STRING_X509_REQ) == 0))
[10]    )

At this point though

    nm = "ENCRYPTED PRIVATE KEY"
    name = "RSA PRIVATE KEY"

But

    PEM_STRING_RSA = "RSA PRIVATE KEY"
    PEM_STRING_EVP_PKEY = "PRIVATE KEY"

There is no "ENCRYPTED PRIVATE KEY" define.

So you can see we have a problem at #2 and #3 above.

Again, I have no idea what the solution is at the moment.
-Tom
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
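
The label comparison described in the message above, as an added C example that is not part of the original post or of SSLeay: it applies clauses [1] to [5] of the quoted condition to two constructed header lines. The EX_ macros, pem_label and label_accepted are hypothetical names; the EX_DSA value is the one in OpenSSL's pem.h and does not appear in the message.

```c
#include <stdio.h>
#include <string.h>

/* Local EX_ names (assumed for this example) so nothing clashes with pem.h. */
#define EX_RSA      "RSA PRIVATE KEY"   /* value quoted in the message */
#define EX_DSA      "DSA PRIVATE KEY"   /* from OpenSSL pem.h, not in the message */
#define EX_EVP_PKEY "PRIVATE KEY"       /* value quoted in the message */

/* Copy the label out of a "-----BEGIN <label>-----" line; 0 on success, -1 otherwise. */
int pem_label(const char *line, char *out, size_t outlen)
{
    static const char pre[] = "-----BEGIN ";
    size_t plen = sizeof(pre) - 1;
    const char *start, *end;

    if (strncmp(line, pre, plen) != 0)
        return -1;
    start = line + plen;
    end = strstr(start, "-----");
    if (end == NULL || end == start || (size_t)(end - start) >= outlen)
        return -1;
    memcpy(out, start, (size_t)(end - start));
    out[end - start] = '\0';
    return 0;
}

/* Clauses [1]-[5] of the quoted condition: nm is the label found in the file,
 * name is the label the caller asked for. Returns 1 if the block is accepted. */
int label_accepted(const char *nm, const char *name)
{
    return strcmp(nm, name) == 0 ||
           (strcmp(nm, EX_RSA) == 0 && strcmp(name, EX_EVP_PKEY) == 0) ||
           (strcmp(nm, EX_DSA) == 0 && strcmp(name, EX_EVP_PKEY) == 0);
}

int main(void)
{
    /* Constructed header lines; no key material is needed to show the mismatch. */
    const char *hdr[] = { "-----BEGIN RSA PRIVATE KEY-----",
                          "-----BEGIN ENCRYPTED PRIVATE KEY-----" };
    char nm[64];

    for (size_t i = 0; i < sizeof(hdr) / sizeof(hdr[0]); i++)
        if (pem_label(hdr[i], nm, sizeof(nm)) == 0)
            printf("%-22s -> %s\n", nm,
                   label_accepted(nm, EX_RSA) ? "accepted" : "skipped");
    return 0;
}
```

With "RSA PRIVATE KEY" as the requested name, the first header is accepted by clause [1] and the second is skipped, because no clause pairs the "ENCRYPTED PRIVATE KEY" label with any requested name.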