Mantis Bugtracker
  

Viewing Issue Advanced Details Jump to Notes ] View Simple ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0001670 [Resin] feature always 04-04-07 13:43 04-05-07 09:12
Reporter thintz View Status public  
Assigned To ferg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 3.1.1 Product Version 3.0.23
  Product Build
Summary 0001670: Some SSL certificates not usable
Description Some certificate encodings prevent SSL certificates from being used. OpenSSL reports:

dump the error response produced by the open SSL
> libraries:
>
> OpenSSL support compiled for OpenSSL 0.9.7i 14 Oct 2005
> 23439:error:06074079:digital envelope
> routines:EVP_PBE_CipherInit:unknown pbe
> algorithm:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/evp/evp
> _pbe.c:89:TYPE=pbeWithMD5AndDES-CBC
> 23439:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor
> cipherinit
> error:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/pkcs12/p12_decr.c:83:
> 23439:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt
> error:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/pkcs12/p12_decr.c:122:
> 23439:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1
> lib:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/pem/pem_pkey.c:121:
> 23439:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
> lib:../../../../common/openssl/ssl/ssl_rsa.c:709:

Steps To Reproduce
Additional Information I modified resin 3.0.23's ssl.c per the open ssl instructions at the following web address and now we can use the certificate supplied. Not sure if the change is appropriate, but it works.

http://www.openssl.org/support/faq.html#PROG8 [^]

The specific code change was this:

JNIEXPORT void JNICALL Java_com_caucho_vfs_OpenSSLFactory_nativeInit(JNIEnv *env,
                                              jobject obj,
                                              jlong p_ss,
                                              jlong p_config)
{
  server_socket_t *ss = (server_socket_t *) (PTR) p_ss;
  ssl_config_t *config = (ssl_config_t *) (PTR) p_config;

  if (! ss || ! config) {
    resin_throw_exception(env, "java/lang/IllegalStateException",
                          "server socket and config must have valid values.");
    return;
  }

  ss->ssl_config = config;

  if (! ss->context) {
        OpenSSL_add_all_algorithms(); // <--- added this line
    ss->context = ssl_create_context(env, config);

    fprintf(stderr, "OpenSSL support compiled for %s\n",
            OPENSSL_VERSION_TEXT);
  }
}
Attached Files

- Relationships

- Notes
(0001812)
ferg
04-05-07 09:12

Also fixed in 3.0.24.
 

- Issue History
Date Modified Username Field Change
04-04-07 13:43 thintz New Issue
04-05-07 09:12 ferg Note Added: 0001812
04-05-07 09:12 ferg Assigned To  => ferg
04-05-07 09:12 ferg Status new => closed
04-05-07 09:12 ferg Resolution open => fixed
04-05-07 09:12 ferg Fixed in Version  => 3.1.1


Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed.
26 unique queries executed.
Powered by Mantis Bugtracker