Anonymous | Login | 2024-04-26 07:01 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005296 | [pound2] other | minor | have not tried | 2017-02-07 15:48 | 2017-02-09 15:52 | ||
Reporter | tomww | View Status | public | ||||
Assigned To | dam | ||||||
Priority | normal | Resolution | no change required | ||||
Status | closed | ||||||
Summary | 0005296: long RSA Keys can't be loaded - SSL_CTX_use_PrivateKey_file failed - aborted -- 2.7,REV=2015.02.25 | ||||||
Description |
It looks like 4096 bit RSA keys can't be used with the 2.7 version of pound Loading config fails with: "SSL_CTX_use_PrivateKey_file failed - aborted" |
||||||
Additional Information |
To reproduce try loading a letsencrypt 4096 bit RSA key Update of the package to latest version would be preferred. https://github.com/goochjj/pound/tree/upstream/branch/v2.8 [^] (switch to branch 2.8a) |
||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0011235) dam (administrator) 2017-02-08 08:28 |
Pound 2.7. is the latest stable version, please contact upstream and keep me posted when I can repackage something. |
(0011236) dam (administrator) 2017-02-08 15:53 |
Experimental packages will show up here soon; http://buildfarm.opencsw.org/experimental.html#pound [^] Please give them a go and let me know how it goes. |
(0011237) tomww (reporter) 2017-02-09 15:38 |
The experimental package in version 2.8a has been successfully used in SSL mode. During testing it revealed that the "SSL_CTX_use_PrivateKey_file failed - aborted" was not the fault of pound 2.7. While the command line openssl verify was happy with the combined *.pem file, the pound 2.8a config check wasn't. Only re-issuing the *key / *crt / combined *pem file helped that pound via library access to openssl libraries successfully verified and accepted the *.pem file. The error most likely was a mistake in preparing the *pem file. Key-length used in the second attempt was 2048bit. Diff between pound 2.7 and 2.8 seen by the Changelog is only: ------------------------------------------------------------------------ +r82 | roseg | 2016-10-23 16:59:47 +0200 (Sun, 23 Oct 2016) | 8 lines + +Release 2.8a + +Enhancements: + - removed DynScale flag and support + +Bug fixes: + - fixed potential request smuggling via fudged headers + +------------------------------------------------------------------------ +r81 | roseg | 2015-01-26 17:47:53 +0100 (Mon, 26 Jan 2015) | 30 lines + +Release 2.7 + [...] |
Copyright © 2000 - 2008 Mantis Group |