Hallo Alessandro

By "wrong values" I meant primes that do not result in the advertised
number of bits (for example). This is very unlikely, but not outright
impossible.

What worries me more is that in your printout I see "Private-Key: (2048
bit)" rather than "RSA Private-Key: (2048 bit, 2 primes)". I believe
mbedtls (like other TLS 1.3 implementations) is rather picky about the
tags used. Could you possibly check with your certificate provider for
the reasons? Perhaps they could generate a new certificate with fully
compliant tags just for testing purposes? Alternately, I know the
latest versions of openssl generate these tags, so perhaps you could
create a self-signed certificate just for testing?

BTW: this could also explain the issues people had with Pound 2.8:
using a newer openssl version may have a similar effect.

On Mon, 2020-10-19 at 10:40 +0000, Alessandro Baldoni wrote:
> Hello Robert, this is the output of the SSL command (values removed):
> 
> Private-Key: (2048 bit)
> modulus:
> publicExponent: 65537 (0x10001)
> privateExponent:
> prime1:
> prime2:
> exponent1:
> exponent2:
> coefficient:
> 
> What do you mean with "a problem of wrong values"?
> 
> Kind regards,
> 
> Unione della Romagna Faentina
> dr. Alessandro Baldoni
> Servizio Informatica
> Via Severoli 7
> 48018 Faenza RA
> 0546 691224
> alessandro.bald...@romagnafaentina.it
> p...@cert.romagnafaentina.it
> ________________________________
> From: Robert Segall via pound <pound@apsis.ch>
> Sent: Monday, October 19, 2020 11:12
> To: pound@apsis.ch <pound@apsis.ch>
> Cc: Robert Segall <ro...@apsis.ch>
> Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
> 
> Hallo Alessandro
> 
> Please have a look at your private key and check what it contains. To
> see it use the command "openssl rsa -noout -text -in cert.pem". The
> expected output:
> 
> RSA Private-Key: (... bit, 2 primes)
> modulus:
> ...
> publicExponent: ... (...)
> privateExponent:
> ...
> prime1:
> ...
> prime2:
> ...
> exponent1:
> ...
> exponent2:
> ...
> coefficient:
> ...
> 
> If your key looks different it may cause issues, otherwise it may be a
> problem of wrong values.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19


-- 
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
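
An added example, not part of the original thread and not Pound's or openssl's own code: a small check of which blocks a PEM file contains and whether a private-key block's label agrees with the structure inside it. It assumes the "tags" discussed above are the PEM BEGIN/END labels; the function names are hypothetical and the key bodies are constructed stubs, not real keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# ASN.1 tag of the element that follows the version INTEGER in each structure.
KEY_SHAPES = {0x02: "RSA PRIVATE KEY",  # PKCS#1 RSAPrivateKey: modulus INTEGER
              0x30: "PRIVATE KEY"}      # PKCS#8 PrivateKeyInfo: AlgorithmIdentifier

def _skip_header(buf, pos):
    """Return (offset of contents, content length) for the TLV at pos."""
    first = buf[pos + 1]
    if first < 0x80:                    # short-form length
        return pos + 2, first
    n = first & 0x7F                    # long form: n length bytes follow
    return pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def key_shape(der):
    """Return the PEM label the DER bytes correspond to, or None."""
    try:
        if der[0] != 0x30:              # outer SEQUENCE expected
            return None
        pos, _ = _skip_header(der, 0)
        if der[pos] != 0x02:            # both structures start with a version INTEGER
            return None
        body, length = _skip_header(der, pos)
        return KEY_SHAPES.get(der[body + length])
    except IndexError:                  # truncated input
        return None

def inspect_pem(text):
    """Return a list of (label, verdict) for every PEM block in text."""
    report = []
    for label, b64 in PEM_RE.findall(text):
        try:
            der = base64.b64decode("".join(b64.split()), validate=True)
        except ValueError:              # e.g. legacy encrypted key with header lines
            report.append((label, "undecodable body"))
            continue
        if label not in KEY_SHAPES.values():
            verdict = "not checked"
        elif key_shape(der) == label:
            verdict = "label matches content"
        else:
            verdict = f"label does not match content ({key_shape(der)})"
        report.append((label, verdict))
    return report

def pem(label, der):
    """Wrap DER bytes in a PEM block (used to build the constructed samples)."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

# Constructed stubs: correct outer shape only, no key material.
PKCS1_STUB = bytes.fromhex("3006020100020105")    # SEQ { INT 0, INT 5 }
PKCS8_STUB = bytes.fromhex("300702010030020500")  # SEQ { INT 0, SEQ { NULL } }
```

Reading a real file with `inspect_pem(open("cert.pem").read())` lists every block in order, so a missing or mislabelled key block shows up before the file is handed to the server.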
