This makes the errors slightly more enlightening...
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 41769fe..b2b8d31 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2688,7 +2688,7 @@ int ssl3_send_client_verify(SSL *s)
}
else
{
- ERR_clear_error();
+ //ERR_clear_error();
}
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
Now I get:
140606362789544:error:0608D096:digital envelope
routines:EVP_PKEY_sign_init:operation not supported for this
keytype:pmeth_fn.c:88:
140606362789544:error:06089093:digital envelope
routines:EVP_PKEY_CTX_ctrl:command not supported:pmeth_lib.c:335:
140606362789544:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt
error:s3_pkt.c:1212:SSL alert number 51
140606362789544:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:184:
Reverting just that hunk of the 'offending' commit so that it's just
calling s->method->ssl3_enc->cert_verify_mac() unconditionally makes it
work again, even with 1.0.0.
In the TPM engine case, EVP_PKEY_CTX_new() is returning NULL because
!pkey->ameth.
--
dwmw2
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech
