Anonymous | Login | Signup for a new account | 10-30-2024 04:15 PDT |
Main | My View | View Issues | Change Log | Docs |
Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
0001670 | [Resin] | feature | always | 04-04-07 13:43 | 04-05-07 09:12 | ||||
Reporter | thintz | View Status | public | ||||||
Assigned To | ferg | ||||||||
Priority | normal | Resolution | fixed | Platform | |||||
Status | closed | OS | |||||||
Projection | none | OS Version | |||||||
ETA | none | Fixed in Version | 3.1.1 | Product Version | 3.0.23 | ||||
Product Build | |||||||||
Summary | 0001670: Some SSL certificates not usable | ||||||||
Description |
Some certificate encodings prevent SSL certificates from being used. OpenSSL reports: dump the error response produced by the open SSL > libraries: > > OpenSSL support compiled for OpenSSL 0.9.7i 14 Oct 2005 > 23439:error:06074079:digital envelope > routines:EVP_PBE_CipherInit:unknown pbe > algorithm:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/evp/evp > _pbe.c:89:TYPE=pbeWithMD5AndDES-CBC > 23439:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor > cipherinit > error:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/pkcs12/p12_decr.c:83: > 23439:error:2306A075:PKCS12 routines:PKCS12_decrypt_d2i:pkcs12 pbe crypt > error:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/pkcs12/p12_decr.c:122: > 23439:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 > lib:/on10/build-nd/G10U4B0/usr/src/common/openssl/crypto/pem/pem_pkey.c:121: > 23439:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > lib:../../../../common/openssl/ssl/ssl_rsa.c:709: |
||||||||
Steps To Reproduce | |||||||||
Additional Information |
I modified resin 3.0.23's ssl.c per the open ssl instructions at the following web address and now we can use the certificate supplied. Not sure if the change is appropriate, but it works. http://www.openssl.org/support/faq.html#PROG8 [^] The specific code change was this: JNIEXPORT void JNICALL Java_com_caucho_vfs_OpenSSLFactory_nativeInit(JNIEnv *env, jobject obj, jlong p_ss, jlong p_config) { server_socket_t *ss = (server_socket_t *) (PTR) p_ss; ssl_config_t *config = (ssl_config_t *) (PTR) p_config; if (! ss || ! config) { resin_throw_exception(env, "java/lang/IllegalStateException", "server socket and config must have valid values."); return; } ss->ssl_config = config; if (! ss->context) { OpenSSL_add_all_algorithms(); // <--- added this line ss->context = ssl_create_context(env, config); fprintf(stderr, "OpenSSL support compiled for %s\n", OPENSSL_VERSION_TEXT); } } |
||||||||
Attached Files | |||||||||
|
Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
29 total queries executed. 26 unique queries executed. |