Re: main: TLS init def ctx failed: -1
From: Fredrik Unger
Subject: Re: main: TLS init def ctx failed: -1
Date: Fri, 26 Nov 2010 14:10:00 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101030 Icedove/3.0.10

Hi,
Have tried to dig deeper, using gnutls-serv.
gnutls-serv --version
gnutls-serv (GnuTLS) 2.8.6
sudo gnutls-serv --debug 9 --x509cafile /etc/ssl/cacert.pem
--x509certfile /etc/ldap/cert/cert.pem
--x509keyfile /etc/ldap/cert/key.pem
Processed 1 CA certificate(s).
|<2>| ASSERT: <<<<<_b64.c:519
|<2>| ASSERT: privkey.c:171
|<2>| ASSERT: privkey.c:388
|<2>| ASSERT: privkey.c:415
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN ENCRYPTED PRIVATE KEY'
|<2>| ASSERT: privkey_pkcs8.c:1099
|<2>| ASSERT: gnutls_x509.c:547
|<2>| ASSERT: gnutls_x509.c:597
Error reading '/etc/ldap/cert/cert.pem' or '/etc/ldap/cert/key.pem'
Error: Base64 unexpected header error.
sudo cat /etc/ldap/cert/key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91
Is the header the problem?
Using openssl the key works:
openssl version
OpenSSL 0.9.8o 01 Jun 2010
sudo openssl s_server -cert /etc/ldap/cert/cert.pem -key
/etc/ldap/cert/key.pem -www
Enter pass phrase for /etc/ldap/cert/key.pem:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
The key was created with an old openssl version (Oct 2008 after the
dsa-1571 problem).
Do you need more information?
Can create a new key, but if it is a gnutls bug, this report might help.
/Fredrik Unger
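
Added example (not part of the original message, and not GnuTLS or OpenSSL code): a small Python classifier that reads a PEM key file's BEGIN label and its RFC 1421 headers, to tell the traditional encrypted layout shown in key.pem from the PKCS#8 labels the gnutls-serv debug output says it searched for. The function name, result fields and sample keys are constructed for illustration.

```python
import re

# Labels named in the gnutls-serv debug output above ("Could not find ...").
PKCS8_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
# Traditional OpenSSL labels; encryption, if any, is announced by RFC 1421 headers.
TRADITIONAL_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
HEADER_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")


def classify_pem_key(text):
    """Describe the first private-key PEM block in text, or return None."""
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = BEGIN_RE.match(line)
        if not m or m.group(1) not in PKCS8_LABELS | TRADITIONAL_LABELS:
            continue
        label = m.group(1)
        # Header lines ("Name: value") sit between BEGIN and the base64 body;
        # base64 never contains ':', so the first non-matching line ends them.
        headers = {}
        for hline in lines[i + 1:]:
            h = HEADER_RE.match(hline)
            if not h:
                break
            headers[h.group(1).lower()] = h.group(2)
        info = {"label": label, "pkcs8": label in PKCS8_LABELS,
                "encrypted": label == "ENCRYPTED PRIVATE KEY",
                "cipher": None, "iv_hex": None}
        if headers.get("proc-type", "").replace(" ", "").upper() == "4,ENCRYPTED":
            info["encrypted"] = True
            cipher, _, iv = headers.get("dek-info", "").partition(",")
            info["cipher"], info["iv_hex"] = cipher.strip() or None, iv.strip() or None
        return info
    return None


# Constructed samples: header layout as in the key.pem shown above, placeholder bodies.
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
PKCS8_PLAIN = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, pem in (("legacy", LEGACY_ENCRYPTED), ("pkcs8", PKCS8_PLAIN)):
        print(name, classify_pem_key(pem))
```

Only the label and header lines are inspected, so the key material itself is never decoded or decrypted.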