Skip Menu |

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 67839
Status: resolved
Worked: 15 min
Priority: 0/
Queue: Net-SSLeay

Owner: MIKEM [...]
Requestors: jdefer [...]

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

Subject: unable to use DSA private key files for client certificates
Date: Fri, 29 Apr 2011 10:15:25 -0700
To: bug-net-ssleay [...]
From: Jesse DeFer <jdefer [...]>
Download (untitled) / with headers
text/plain 1.2k
sslcat (and possibly other functions) expect RSA keys and will not load DSA keys for client certificates. When $path_to_key is a PEM formatted DSA private key: ($reply, $err, $server_cert) = sslcat($host, $port, $request, $path_to_crt, $path_to_key); The error I get is: private key `KeyStore.key' () 32604: 1 - error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key private key `KeyStore.key' () 32604: 2 - error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib Modifying set_cert_and_key like so fixes the problem: ---    2011-04-29 10:00:33.939262908 -0700 +++    2011-04-29 10:00:46.382592930 -0700 @@ -2507,7 +2507,7 @@      my ($ctx, $cert_path, $key_path) = @_;      my $errs = '';      # Following will ask password unless private key is not encrypted -    CTX_use_RSAPrivateKey_file ($ctx, $key_path, &FILETYPE_PEM); +    CTX_use_PrivateKey_file ($ctx, $key_path, &FILETYPE_PEM);      $errs .= print_errs("private key `$key_path' ($!)");      CTX_use_certificate_file ($ctx, $cert_path, &FILETYPE_PEM);      $errs .= print_errs("certificate `$cert_path' ($!)"); perl 5, version 12, subversion 2 (v5.12.2) built for x86_64-linux-thread-multi Red Hat Enterprise Linux Server release 5.6 (Tikanga)
Thanks for reporting this. Your patch is now in the latest SVN. Cheers.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to