Re: [pound] Pound-3.0e: Error when reading PEM file
I believe it is. See pound.8 and the examples there.

On Thu, 2020-10-29 at 15:47 +, Alessandro Baldoni via pound wrote:
> Solved at last!
> A syntax error in the YAML file.
> This line:
>
> Certificates: "/etc/pound/c.pem"
>
> MUST be:
>
> Certificates:
> - "/etc/pound/c.pem"
>
> Should this be documented?

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19

--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
Re: [pound] Pound-3.0e: Error when reading PEM file
Solved at last!
A syntax error in the YAML file.
This line:

    Certificates: "/etc/pound/c.pem"

MUST be:

    Certificates:
    - "/etc/pound/c.pem"

Should this be documented?

Kind regards,

[Unione della Romagna Faentina]
dr. Alessandro Baldoni
Servizio Informatica
Via Severoli 7
48018 Faenza RA
0546 691224
alessandro.bald...@romagnafaentina.it
p...@cert.romagnafaentina.it

From: Alessandro Baldoni via pound
Sent: Wednesday, October 28, 2020 19:09
To: pound@apsis.ch
Cc: Alessandro Baldoni; Robert Segall
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hello Robert, I managed to get rid of the error so I thought it useful to share.
I used openssl to read and write back the private key:

    openssl rsa -in private.key -out private_same.key

And it did the magic!
I came to this solution by applying a KB article for Citrix NetScaler (that I own) which can be picky about private keys.

Now, however, I get a SIGSEGV:

    ...omissis...
    address 192.168.1.72 /root/Pound-3.0e/src/config.c:509
    port 890 /root/Pound-3.0e/src/config.c:512
    start get_certificates /root/Pound-3.0e/src/config.c:451
    start get_one(/etc/pound/c.pem) /root/Pound-3.0e/src/config.c:377
    start get_services /root/Pound-3.0e/src/config.c:209
    HeadRequire Host: .*xxx.yyy.zzz.* /root/Pound-3.0e/src/config.c:237
    push /root/Pound-3.0e/src/config.c:258
    Segmentation fault (core dumped)

    Program received signal SIGSEGV, Segmentation fault.
    0x00409c5e in get_https (root=0x4328e0, root=0x4328e0, document=0x7fffcb10) at /root/Pound-3.0e/src/config.c:548
    548     if(res.sni[0]->certificate.next != NULL)

Is there any info I can provide to help debug the problem?
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Robert, I managed to get rid of the error so I thought it useful to share.
I used openssl to read and write back the private key:

    openssl rsa -in private.key -out private_same.key

And it did the magic!
I came to this solution by applying a KB article for Citrix NetScaler (that I own) which can be picky about private keys.

Now, however, I get a SIGSEGV:

    ...omissis...
    address 192.168.1.72 /root/Pound-3.0e/src/config.c:509
    port 890 /root/Pound-3.0e/src/config.c:512
    start get_certificates /root/Pound-3.0e/src/config.c:451
    start get_one(/etc/pound/c.pem) /root/Pound-3.0e/src/config.c:377
    start get_services /root/Pound-3.0e/src/config.c:209
    HeadRequire Host: .*xxx.yyy.zzz.* /root/Pound-3.0e/src/config.c:237
    push /root/Pound-3.0e/src/config.c:258
    Segmentation fault (core dumped)

    Program received signal SIGSEGV, Segmentation fault.
    0x00409c5e in get_https (root=0x4328e0, root=0x4328e0, document=0x7fffcb10) at /root/Pound-3.0e/src/config.c:548
    548     if(res.sni[0]->certificate.next != NULL)

Is there any info I can provide to help debug the problem?

Kind regards,
dr. Alessandro Baldoni

From: Robert Segall via pound
Sent: Thursday, October 22, 2020 18:16
To: pound@apsis.ch
Cc: Robert Segall
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hello Alessandro

I am a bit out of ideas. Perhaps you could try downloading, compiling, and linking to the newest version of mbedtls? The official distribution also contains a bunch of programs (similar to the "openssl" command) which could be helpful in debugging this issue. Worth a try...

Failing that you could perhaps open a bug report on their mailing list.
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Alessandro

I am a bit out of ideas. Perhaps you could try downloading, compiling, and linking to the newest version of mbedtls? The official distribution also contains a bunch of programs (similar to the "openssl" command) which could be helpful in debugging this issue. Worth a try...

Failing that you could perhaps open a bug report on their mailing list.

On Tue, 2020-10-20 at 13:19 +, Alessandro Baldoni via pound wrote:
> Hello Robert, I ran the openssl command again with version 1.1.1 and
> now the output is:
>
> Private-Key: (2048 bit, 2 primes)
> modulus:
> publicExponent: 65537 (0x10001)
> privateExponent:
> prime1:
> prime2:
> exponent1:
> exponent2:
> coefficient:
>
> The previous output was with openssl 1.0.2e
> Kind regards,
> dr. Alessandro Baldoni

--
Robert Segall
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Robert, I ran the openssl command again with version 1.1.1 and now the output is:

    Private-Key: (2048 bit, 2 primes)
    modulus:
    publicExponent: 65537 (0x10001)
    privateExponent:
    prime1:
    prime2:
    exponent1:
    exponent2:
    coefficient:

The previous output was with openssl 1.0.2e

Kind regards,
dr. Alessandro Baldoni

From: Robert Segall
Sent: Monday, October 19, 2020 14:48
To: Alessandro Baldoni; pound@apsis.ch
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hello Alessandro

By "wrong values" I meant primes that do not result in the advertised number of bits (for example). This is very unlikely, but not outright impossible.

What worries me more is that in your printout I see "Private-Key: (2048 bit)" rather than "RSA Private-Key: (2048 bit, 2 primes)". I believe mbedtls (like other TLS1.3 implementations) is rather picky about the tags used. Could you possibly check with your certificate provider for the reasons? Perhaps they could generate a new certificate with fully compliant tags just for testing purposes? Alternately, I know the latest versions of openssl generate these tags, so perhaps you could create a self-signed certificate just for testing?

BTW: this could also explain the issues people had with Pound 2.8: using a newer openssl version may have a similar effect.
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Robert, this is the output of the SSL command (values removed):

    Private-Key: (2048 bit)
    modulus:
    publicExponent: 65537 (0x10001)
    privateExponent:
    prime1:
    prime2:
    exponent1:
    exponent2:
    coefficient:

What do you mean by "a problem of wrong values"?

Kind regards,
dr. Alessandro Baldoni

From: Robert Segall via pound
Sent: Monday, October 19, 2020 11:12
To: pound@apsis.ch
Cc: Robert Segall
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hello Alessandro

Please have a look at your private key and check what it contains. To see it use the command "openssl rsa -noout -text -in cert.pem". The expected output:

    RSA Private-Key: (... bit, 2 primes)
    modulus:
        ...
    publicExponent: ... (...)
    privateExponent:
        ...
    prime1:
        ...
    prime2:
        ...
    exponent1:
        ...
    exponent2:
        ...
    coefficient:
        ...

If your key looks different it may cause issues, otherwise it may be a problem of wrong values.
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Alessandro

By "wrong values" I meant primes that do not result in the advertised number of bits (for example). This is very unlikely, but not outright impossible.

What worries me more is that in your printout I see "Private-Key: (2048 bit)" rather than "RSA Private-Key: (2048 bit, 2 primes)". I believe mbedtls (like other TLS1.3 implementations) is rather picky about the tags used. Could you possibly check with your certificate provider for the reasons? Perhaps they could generate a new certificate with fully compliant tags just for testing purposes? Alternately, I know the latest versions of openssl generate these tags, so perhaps you could create a self-signed certificate just for testing?

BTW: this could also explain the issues people had with Pound 2.8: using a newer openssl version may have a similar effect.

On Mon, 2020-10-19 at 10:40 +, Alessandro Baldoni wrote:
> Hello Robert, this is the output of the SSL command (values removed):
>
> Private-Key: (2048 bit)
> modulus:
> publicExponent: 65537 (0x10001)
> privateExponent:
> prime1:
> prime2:
> exponent1:
> exponent2:
> coefficient:
>
> What do you mean by "a problem of wrong values"?
>
> Kind regards,
> dr. Alessandro Baldoni

--
Robert Segall
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Alessandro

Please have a look at your private key and check what it contains. To see it use the command "openssl rsa -noout -text -in cert.pem". The expected output:

    RSA Private-Key: (... bit, 2 primes)
    modulus:
        ...
    publicExponent: ... (...)
    privateExponent:
        ...
    prime1:
        ...
    prime2:
        ...
    exponent1:
        ...
    exponent2:
        ...
    coefficient:
        ...

If your key looks different it may cause issues, otherwise it may be a problem of wrong values.

--
Robert Segall
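An offline companion to the `openssl rsa -noout -text` inspection suggested above, added here as an example (it is not code from the thread or from Pound): it lists the PEM blocks in a bundle and checks that the DER body of each private-key block matches what its armor label promises (PKCS#1 `RSA PRIVATE KEY` versus PKCS#8 `PRIVATE KEY`). All function names are illustrative, and the sample bundles are constructed from textbook toy numbers rather than a real key.

```python
import base64
import re
import textwrap

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# DER container that each unencrypted private-key armor label promises.
EXPECTED = {"RSA PRIVATE KEY": "pkcs1-rsa", "PRIVATE KEY": "pkcs8"}


def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("empty or truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("bad DER length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of data")
    return tag, buf[pos:pos + length], pos + length


def key_container(data):
    """Classify a private-key DER body from its structure, ignoring the label."""
    tag, body, end = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    if end != len(data):
        raise ValueError("trailing bytes after the key structure")
    tags, pos = [], 0
    while pos < len(body):
        child_tag, _, pos = read_tlv(body, pos)
        tags.append(child_tag)
    # PKCS#1 RSAPrivateKey: version, n, e, d, p, q, dP, dQ, qInv (all INTEGER)
    if len(tags) >= 9 and set(tags[:9]) == {0x02}:
        return "pkcs1-rsa"
    # PKCS#8 PrivateKeyInfo: INTEGER version, SEQUENCE algorithm, OCTET STRING
    if tags[:3] == [0x02, 0x30, 0x04]:
        return "pkcs8"
    return "unknown"


def inspect_bundle(text):
    """Return one finding per PEM block: its label and any problems found."""
    findings, has_key = [], False
    for label, body in PEM_BLOCK.findall(text):
        problems = []
        if label.endswith("PRIVATE KEY"):
            has_key = True
            if label.startswith("ENCRYPTED") or "Proc-Type:" in body:
                problems.append("passphrase-protected key")
            else:
                try:
                    raw = base64.b64decode("".join(body.split()), validate=True)
                    found = key_container(raw)
                    # Labels not modelled here are only checked for well-formed DER.
                    want = EXPECTED.get(label, "unknown")
                    if found != want:
                        problems.append(f"label expects {want}, body is {found}")
                except ValueError as exc:  # binascii.Error is a ValueError
                    problems.append(str(exc))
        findings.append({"label": label, "problems": problems})
    if not has_key:
        findings.append({"label": None, "problems": ["no private key block"]})
    return findings


# --- Constructed sample data (toy values, not a usable key or certificate) ---
def der(tag, value):
    """Minimal DER encoder used only to build the samples below."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value


def der_int(i):
    # The extra leading byte keeps the top bit clear, so the INTEGER stays positive.
    return der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))


def pem(label, data):
    b64 = "\n".join(textwrap.wrap(base64.b64encode(data).decode(), 64))
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Textbook RSA with p=61, q=53: version, n, e, d, p, q, dP, dQ, qInv.
TOY_PKCS1 = der(0x30, b"".join(map(der_int, (0, 3233, 17, 2753, 61, 53, 53, 49, 38))))
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
TOY_PKCS8 = der(0x30, der_int(0)
                + der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
                + der(0x04, TOY_PKCS1))
TOY_CERT = pem("CERTIFICATE", der(0x30, b""))  # placeholder body only

GOOD = TOY_CERT + pem("RSA PRIVATE KEY", TOY_PKCS1)
MISLABELLED = TOY_CERT + pem("RSA PRIVATE KEY", TOY_PKCS8)
STRIPPED = TOY_CERT + pem("RSA PRIVATE KEY", b"")  # key content removed before posting

if __name__ == "__main__":
    for name, bundle in (("good", GOOD), ("mislabelled", MISLABELLED), ("stripped", STRIPPED)):
        print(name, inspect_bundle(bundle))
```

The thread does not establish which of these conditions, if any, applied to the file in question; the check only narrows down what a strict parser is being handed.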
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Henrik, the cert I'm using works fine with pound 2.8 on CentOS 6 (openssl 1.0.1e).
I'm getting the error with pound 3.0e which no longer uses openssl but mbedtls.

Alessandro

From: Henrik Rosenke via pound
Sent: Thursday, October 15, 2020 21:15
To: pound@apsis.ch
Cc: Henrik Rosenke
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hello Robert and Alessandro,

we get a similar error with a few Certificates after upgrading from pound 2.7 to pound 2.8 on FreeBSD with openssl 1.0.2u. A Tomcat behind the pound is reading the X-SSL-Certificate Header and the header seems to get truncated on a few certificates. Which Version did you upgrade from?

I tried to set the MAXBUF (pound.h) from 4096 to 8192 (this seems to be also set in the new 3. Version) but this doesn't help. I will try to gather more Information about this error. We first thought that the length of the Certificate is the Problem (good cert 1666 bytes, bad cert 1672 bytes) but that's not the case. Other longer Certificates will work but a few others won't, I don't see a pattern there.

Kind Regards,
Henrik
Re: [pound] Pound-3.0e: Error when reading PEM file
Hello Robert and Alessandro,

we get a similar error with a few Certificates after upgrading from pound 2.7 to pound 2.8 on FreeBSD with openssl 1.0.2u. A Tomcat behind the pound is reading the X-SSL-Certificate Header and the header seems to get truncated on a few certificates. Which Version did you upgrade from?

I tried to set the MAXBUF (pound.h) from 4096 to 8192 (this seems to be also set in the new 3. Version) but this doesn't help. I will try to gather more Information about this error. We first thought that the length of the Certificate is the Problem (good cert 1666 bytes, bad cert 1672 bytes) but that's not the case. Other longer Certificates will work but a few others won't, I don't see a pattern there.

Kind Regards,
Henrik

On 15.10.20 at 20:42, pound-requ...@apsis.ch wrote:
> Message: 1
> Date: Thu, 15 Oct 2020 06:56:42 +
> From: Alessandro Baldoni
> To: "pound@apsis.ch"
> Cc: Robert Segall
> Subject: Re: [pound] Pound-3.0e: Error when reading PEM file
>
> Hello Robert, here is the output of pound and the content of the PEM file.
> I also tried converting the PEM to DER but the error is the same.
>
> debug option 5 /root/Pound-3.0e/src/config.c:631
> start get_others /root/Pound-3.0e/src/config.c:563
> start get_backends /root/Pound-3.0e/src/config.c:123
> addr pound.comunefaenza.local /root/Pound-3.0e/src/config.c:139
> port 885 /root/Pound-3.0e/src/config.c:142
> push /root/Pound-3.0e/src/config.c:168
> addr easytraffic.comunefaenza.local /root/Pound-3.0e/src/config.c:139
> port 80 /root/Pound-3.0e/src/config.c:142
> push /root/Pound-3.0e/src/config.c:168
> start get_http /root/Pound-3.0e/src/config.c:277
> addr 192.168.1.72 /root/Pound-3.0e/src/config.c:291
> port 888 /root/Pound-3.0e/src/config.c:294
> start get_services /root/Pound-3.0e/src/config.c:209
> HeadRequire Host: .*apps.* /root/Pound-3.0e/src/config.c:237
> URL .*/google0a441f3c9d875eed.html /root/Pound-3.0e/src/config.c:228
> push /root/Pound-3.0e/src/config.c:258
> push /root/Pound-3.0e/src/config.c:320
> start get_https /root/Pound-3.0e/src/config.c:488
> address 192.168.1.72 /root/Pound-3.0e/src/config.c:509
> port 890 /root/Pound-3.0e/src/config.c:512
> start get_certificates /root/Pound-3.0e/src/config.c:451
> start get_one(/etc/pound/comune.faenza.ra.it.pem) /root/Pound-3.0e/src/config.c:377
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid key tag or value
Re: [pound] Pound-3.0e: Error when reading PEM file
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

dr. Alessandro Baldoni

From: Robert Segall via pound
Sent: Tuesday, October 13, 2020 18:29
To: pound@apsis.ch
Cc: Robert Segall
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hello Alessandro

Please run Pound with debug level 5 and show the result here, as well as the PEM file in question (leave out the CONTENT of the private key) and/or the certificate in human-readable form.

On Tue, 2020-10-13 at 16:21 +, Alessandro Baldoni via pound wrote:
> Hello, I'm a pound 2 user and I'm trying out pound 3.0e.
> In my test environment, when pound tries to read a PEM file (public
> certificate+ca+private key) I get the error:
>
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem
>
> I've tinkered a bit with the source to get a more readable error:
>
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid
> key tag or value
>
> The same file is correctly used by pound 2.
>
> Kind regards,
>
> Alessandro

--
Robert Segall
Re: [pound] Pound-3.0e: Error when reading PEM file
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Kind regards,

[Unione della Romagna Faentina]
dr. Alessandro Baldoni
Servizio Informatica
Via Severoli 7
48018 Faenza RA
0546 691224
alessandro.bald...@romagnafaentina.it
p...@cert.romagnafaentina.it

From: Robert Segall via pound
Sent: Tuesday, October 13, 2020 18:29
To: pound@apsis.ch
Cc: Robert Segall
Subject: Re: [pound] Pound-3.0e: Error when reading PEM file

Hallo Alessandro

Please run Pound with debug level 5 and show the result here, as well as the PEM file in question (leave out the CONTENT of the private key) and/or the certificate in human-readable form.

On Tue, 2020-10-13 at 16:21 +, Alessandro Baldoni via pound wrote:
> Hello, I'm a pound 2 user and I'm trying out pound 3.0e.
> In my test environment, when pound tries to read a PEM file (public
> certificate+ca+private key) I get the error:
>
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem
>
> I've tinkered a bit with the source to get a more readable error:
>
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid
> key tag or value
>
> The same file is correctly used by pound 2.
>
> Kind regards,
>
> Alessandro

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19

--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
Re: [pound] Pound-3.0e: Error when reading PEM file
Hallo Alessandro

Please run Pound with debug level 5 and show the result here, as well as the PEM file in question (leave out the CONTENT of the private key) and/or the certificate in human-readable form.

On Tue, 2020-10-13 at 16:21 +, Alessandro Baldoni via pound wrote:
> Hello, I'm a pound 2 user and I'm trying out pound 3.0e.
> In my test environment, when pound tries to read a PEM file (public
> certificate+ca+private key) I get the error:
>
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem
>
> I've tinkered a bit with the source to get a more readable error:
>
> SNI: can't read key /etc/pound/comune.faenza.ra.it.pem, PK - Invalid
> key tag or value
>
> The same file is correctly used by pound 2.
>
> Kind regards,
>
> Alessandro

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-32-512 30 19

--
pound mailing list
pound@apsis.ch
https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
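
Added example, not part of the original thread and not Pound code: one way to prepare a PEM bundle for posting as requested above, keeping the certificate blocks and the key's BEGIN/END markers while leaving out the key content. The names redact_pem and PLACEHOLDER and the sample bundle are assumptions made for this illustration.

```python
import re

MARKER = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
PLACEHOLDER = "[private key content omitted]"

def redact_pem(text):
    """Return (redacted_text, report): key bodies become PLACEHOLDER, text
    outside blocks is dropped, and a structural problem yields "" (fail closed)."""
    out, blocks, problems = [], [], []
    label, body = None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = MARKER.match(line)
        if m and m.group(1) == "BEGIN":
            if label is not None:
                problems.append(f"line {n}: BEGIN {m.group(2)} inside open {label} block")
            label, body = m.group(2), 0
            out.append(line)
            if label.endswith("PRIVATE KEY"):
                out.append(PLACEHOLDER)
        elif m:  # END marker
            if label == m.group(2):
                blocks.append((label, body))
            else:
                problems.append(f"line {n}: END {m.group(2)} without matching BEGIN")
            label = None
            out.append(line)
        elif label is not None:  # body line of the open block
            body += 1
            if not label.endswith("PRIVATE KEY"):
                out.append(line)
    if label is not None:
        problems.append(f"unterminated {label} block")
    report = {"blocks": blocks, "problems": problems}
    return ("" if problems else "\n".join(out) + "\n"), report

# Constructed sample bundle (certificate + CA + key); all bodies are dummy text.
SAMPLE = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0VSVkVSLUNFUlQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0EtQ0VSVA==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END RSA PRIVATE KEY-----
"""
if __name__ == "__main__":
    print(*redact_pem(SAMPLE), sep="\n")
```

The report also lists each block's label and body line count in file order, which shows the bundle layout without exposing any key material.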