I use below command
openssl ecparam -out key.pem -name prime256v1 -genkey. I am using another 3rd
Party tool SIPp. Below is the method that sets the SSL CTX
ssl_init_status FI_init_ssl_context (void)
{
sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
if ( sip_trp_ssl_ctx == NULL ) {
ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
return SSL_INIT_ERROR;
}
sip_trp_ssl_ctx_client = SSL_CTX_new( TLSv1_method() );
if ( sip_trp_ssl_ctx_client == NULL) {
ERROR("FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed");
return SSL_INIT_ERROR;
}
/* Load the trusted CA's */
SSL_CTX_load_verify_locations(sip_trp_ssl_ctx, tls_cert_name, NULL);
SSL_CTX_load_verify_locations(sip_trp_ssl_ctx_client, tls_cert_name, NULL);
/* CRL load from application specified only if specified on the command
line */
if (strlen(tls_crl_name) != 0) {
if(sip_tls_load_crls(sip_trp_ssl_ctx,tls_crl_name) == -1) {
ERROR("FI_init_ssl_context: Unable to load CRL file (%s)",
tls_crl_name);
return SSL_INIT_ERROR;
}
if(sip_tls_load_crls(sip_trp_ssl_ctx_client,tls_crl_name) == -1) {
ERROR("FI_init_ssl_context: Unable to load CRL (client) file (%s)",
tls_crl_name);
return SSL_INIT_ERROR;
}
/* The following call forces to process the certificates with the */
/* initialised SSL_CTX */
SSL_CTX_set_verify(sip_trp_ssl_ctx,
SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
sip_tls_verify_callback);
SSL_CTX_set_verify(sip_trp_ssl_ctx_client,
SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
sip_tls_verify_callback);
}
/* Selection Cipher suits - load the application specified ciphers */
SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx,
(void *)CALL_BACK_USER_DATA );
SSL_CTX_set_default_passwd_cb_userdata(sip_trp_ssl_ctx_client,
(void *)CALL_BACK_USER_DATA );
SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx,
passwd_call_back_routine );
SSL_CTX_set_default_passwd_cb( sip_trp_ssl_ctx_client,
passwd_call_back_routine );
if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx,
tls_cert_name,
SSL_FILETYPE_PEM ) != 1 ) {
ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file failed");
return SSL_INIT_ERROR;
}
if ( SSL_CTX_use_certificate_file(sip_trp_ssl_ctx_client,
tls_cert_name,
SSL_FILETYPE_PEM ) != 1 ) {
ERROR("FI_init_ssl_context: SSL_CTX_use_certificate_file (client)
failed");
return SSL_INIT_ERROR;
}
if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx,
tls_key_name,
SSL_FILETYPE_PEM ) != 1 ) {
ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file failed");
return SSL_INIT_ERROR;
}
if ( SSL_CTX_use_PrivateKey_file(sip_trp_ssl_ctx_client,
tls_key_name,
SSL_FILETYPE_PEM ) != 1 ) {
ERROR("FI_init_ssl_context: SSL_CTX_use_PrivateKey_file (client)
failed");
return SSL_INIT_ERROR;
}
return SSL_INIT_NORMAL;
}
Thanks in Advance
Regards
Darshan
-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Matt Caswell
Sent: Sunday, May 25, 2014 6:31 PM
To: openssl-users@openssl.org
Subject: Re: SSL_CTX_use_PrivateKey_file
On 25/05/14 13:11, Mody, Darshan (Darshan) wrote:
> Hi,
>
>
>
> When I try to read the EC Private Key file I get an error from the
> openssl.
>
>
>
> Is there another way to use the Elliptic curved Private key. Please
> note that I generate the Public and Private keys via the command lines
> and use the public-private key in my program
>
I think we need a bit more to go on.
Can you post the commands you used to generate your keys, the error you are
getting, and the code you are using to read the private key?
Thanks
Matt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
