
List:       openssl-dev
Subject:    
From:       Guy Sagy <guysagy () usa ! net>
Date:       2001-04-23 19:26:07

Hi,

I have created a DSA certificate & private key files for my server with the
following commands, which seem to have ended OK:

rem Create a new certificate for my CA using a root CA certificate:
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config openssl.cnf -newkey dsa:root.pem

rem Create a new certificate request for my server
openssl req -new -keyout servkey.pem -out servreq.pem -days 360 -config openssl.cnf -newkey dsa:cacert.pem

rem Get my server certificate signed by the CA
openssl ca -policy policy_anything -out servcert.pem -config openssl.cnf -infiles servreq.pem

And then tried to do application initializations on the SSL library using the
following function: 

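#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>

/* pass, password_cb(), Error() and RANDOM are not shown in this message. */

SSL_CTX* InitializeSSL( char* password )
{
	SSL_METHOD* pSSLMethod;
	SSL_CTX *pSSLContext;

	SSL_library_init();
	SSL_load_error_strings();

	pSSLMethod = SSLv23_method();
	pSSLContext = SSL_CTX_new( pSSLMethod );
	if ( !pSSLContext )
		Error( "Unable to create SSL context" );

	/* Server certificate signed by the CA */
	if ( !(SSL_CTX_use_certificate_file( pSSLContext, "servcert.pem", SSL_FILETYPE_PEM )))
		Error( "Unable to load certificate file" );

	/* Register the passphrase callback before loading the encrypted key */
	pass = password;
	SSL_CTX_set_default_passwd_cb( pSSLContext, password_cb );
	if ( !( SSL_CTX_use_PrivateKey_file( pSSLContext, "servkey.pem", SSL_FILETYPE_PEM )))
		Error( "Unable to load private key" );

	/* Trusted CA certificate used for peer verification */
	if ( !(SSL_CTX_load_verify_locations( pSSLContext, "cacert.pem", 0 )))
		Error( "Couldn't read CA cert" );

	SSL_CTX_set_verify_depth( pSSLContext, 1 );

	/* Seed the PRNG from a file */
	if ( !( RAND_load_file( RANDOM, 1024*1024 )))
		Error( "Couldn't load randomness" );

	return pSSLContext;
}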

But the function call SSL_CTX_use_PrivateKey_file(...) above fails internally
inside pem_lib.c, on line 451, line
PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT).

Anybody got an idea what might be wrong here with my server key file, or
anything else...?
I am using OpenSSL 0.9.6a on a Windows NT machine.

Thanks,
Guy

Guy Sagy

Residence :  
2600 Netherland Ave. 
Apt. #1923 
Riverdale, New York 10463 
USA

E-mail : guysagy@usa.net

Residence Tel. : 
(718)548-3673

Office Tel. : 
(212)820-5287
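
The message does not show password_cb or the global pass. As an added example (not code from the original post or from OpenSSL), here is a callback that follows the pem_password_cb contract, whose return value and buffer handling decide which passphrase bytes the PEM code uses when decrypting servkey.pem. Passing the passphrase through userdata and trimming trailing CR/LF are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: length of s without trailing CR/LF, which a
 * passphrase read from a file or console on Windows often carries.
 * Assumes the real passphrase does not end in a line terminator. */
static size_t trimmed_len(const char *s)
{
	size_t n = strlen(s);
	while (n > 0 && (s[n - 1] == '\n' || s[n - 1] == '\r'))
		n--;
	return n;
}

/* Same signature as OpenSSL's pem_password_cb.
 * buf/size: output buffer owned by the PEM code.
 * rwflag:   0 when decrypting (reading a key), 1 when encrypting.
 * userdata: the passphrase, set with SSL_CTX_set_default_passwd_cb_userdata().
 * Returns the passphrase length in bytes (no NUL), or 0 on failure. */
int password_cb(char *buf, int size, int rwflag, void *userdata)
{
	const char *pw = userdata;
	size_t n;

	(void)rwflag;
	if (pw == NULL || buf == NULL || size <= 0)
		return 0;
	n = trimmed_len(pw);
	/* Fail rather than truncate: a shortened passphrase derives a
	 * different key and typically surfaces as PEM_R_BAD_DECRYPT. */
	if (n == 0 || n >= (size_t)size)
		return 0;
	memcpy(buf, pw, n);
	buf[n] = '\0';
	return (int)n;
}

int main(void)
{
	char buf[32];
	char pw[] = "example-pass\r\n"; /* constructed sample input */
	int n = password_cb(buf, (int)sizeof buf, 0, pw);

	printf("%d bytes: %s\n", n, buf);
	return n > 0 ? 0 : 1;
}
```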


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
