Hello,
I have a function to initialize the CTX as below:

#include <openssl/ssl.h>
#include <openssl/err.h>

#define CA_CERT_PATH          "./pem"
#define RSA_CLIENT_CERT     "./pem/PushChatCert.pem"
#define RSA_CLIENT_KEY       "./pem/PushChatKey.pem"

bool CAPNSClient::InitCTX()
{
    /* One-time library initialisation */
    SSL_library_init();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();

    m_pMeth = TLS_client_method();
    m_pCtx = SSL_CTX_new(m_pMeth);
    if(NULL == m_pCtx)
    {
        ERRLOG("Could not get SSL Context");
        return false;
    }

    /* Trusted CA certificates are looked up in the CA_CERT_PATH directory */
    if(0 == SSL_CTX_load_verify_locations(m_pCtx, NULL, CA_CERT_PATH))
    {
        ERRLOG("Failed to set CA location:%s", ERR_error_string( ERR_get_error(), NULL ));
        return false;
    }

    /* Load the client certificate (this is the call that fails) */
    if (0 == SSL_CTX_use_certificate_file(m_pCtx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM))
    {
        ERRLOG("Cannot use Certificate File:%s", ERR_error_string( ERR_get_error(), NULL ));
        return false;
    }

    /* Passphrase handed to the default password callback for the private key */
    SSL_CTX_set_default_passwd_cb_userdata(m_pCtx, (void*)"Memo_Server");

    if (0 == SSL_CTX_use_PrivateKey_file(m_pCtx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM))
    {
        ERRLOG("Cannot use Private Key:%s", ERR_error_string( ERR_get_error(), NULL ));
        return false;
    }

    /* Check if the client certificate and private-key matches */
    if (0 == SSL_CTX_check_private_key(m_pCtx))
    {
        ERRLOG("Private key does not match the certificate public key");
        return false;
    }

    return true;
}

SSL_CTX_use_certificate_file returns 0, and the log shows:
error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

1. This program runs well on one server, but fails on another. Actually these 2 servers are mirrors of each other.
2. I checked the pem file (as attached); it is also the same on the two servers.
3. I checked the error reason, but cannot find any description of it on the website.

I am almost crazy over this issue, would you help to check what's the reason for this error for me? Thanks a lot!

My OS: Linux version 3.7.10-1.1-desktop (geeko@buildhost) (gcc version 4.7.2 20130108 [gcc-4_7-branch revision 195012] (SUSE Linux) ) #1 SMP PREEMPT Thu Feb 28 15:06:29 UTC 2013 (82d3f21)
OpenSSL version: OpenSSL 1.1.0  25 Aug 2016

Thanks & Regards!
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4673
Please log in as guest with password guest if prompted

Attachment: PushChatCert.pem
Description: Binary data

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
