[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-dev
Subject:
From: Guy Sagy <guysagy () usa ! net>
Date: 2001-04-23 19:26:07
[Download RAW message or body]
Hi ,
I have created a DSA certificate & private key files for my server with the
following commands , which seems to have ended OK :
rem Create a new certificate for my CA using a root CA certificate:
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config openssl.cnf
-newkey dsa:root.pem
rem Create a new certificate request for my server
openssl req -new -keyout servkey.pem -out servreq.pem -days 360 -config
openssl.cnf -newkey dsa:cacert.pem
rem Get my server certificate signed by the CA
openssl ca -policy policy_anything -out servcert.pem -config openssl.cnf
-infiles servreq.pem
And then tried to do application initializations on the SSL library using the
following function:
SSL_CTX* InitializeSSL( char* password )
{
SSL_METHOD* pSSLMethod;
SSL_CTX *pSSLContext;
SSL_library_init();
SSL_load_error_strings();
pSSLMethod = SSLv23_method();
pSSLContext = SSL_CTX_new( pSSLMethod );
if ( !(SSL_CTX_use_certificate_file( pSSLContext, "servcert.pem",
SSL_FILETYPE_PEM )))
Error( "Unable to load certificate file" );
pass = password;
SSL_CTX_set_default_passwd_cb( pSSLContext, password_cb );
if ( !( SSL_CTX_use_PrivateKey_file( pSSLContext, "servkey.pem",
SSL_FILETYPE_PEM )))
Error( "Unable to load private key" );
if ( !(SSL_CTX_load_verify_locations( pSSLContext, "cacert.pem", 0 )))
Error( "Couldn't read CA cert" );
SSL_CTX_set_verify_depth( pSSLContext, 1 );
if ( !( RAND_load_file( RANDOM, 1024*1024 )))
Error( "Couldn't load randomness" );
return pSSLContext;
}
But the function call SSL_CTX_use_PrivateKey_file(...) above fails internally
inside pem_lib.c , on line 451 , line
PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT) .
Anybody got an idea what might be wrong here with my server key file, or
anything else...?
I am using OpenSSL 0.9.6a on a Windows NT machine.
Thanks,
Guy
Guy Sagy
Residence :
2600 Netherland Ave.
Apt. #1923
Riverdale, New York 10463
USA
E-mail : guysagy@usa.net
Residence Tel. :
(718)548-3673
Office Tel. :
(212)820-5287
____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic