search

aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0
2.82k stars 821 forks source link

"Error outputting keys and certificates" when adding APNS notifications to Amplify #12969

Open JoakimMellonn opened 1 year ago

JoakimMellonn commented 1 year ago

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v18.13.0

Amplify CLI Version

12.1.1

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Describe the bug

In my Flutter project I'm trying to add notifications with APNS. When I do this I get the following error message after giving the path to the .p12 certificate and writing the non-existent password (just pressing enter):

Error outputting keys and certificates
00DEF7DD01000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
🛑 Command failed: openssl pkcs12 -in /Users/joakimrosenfeldtpedersen/Certificates.p12 -out /var/folders/cy/n2b5gjxj4dv1mztr65gpklgc0000gn/T/temp.pem -nodes -passin pass:
Error outputting keys and certificates
00DEF7DD01000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

Resolution: Please report this issue at https://github.com/aws-amplify/amplify-cli/issues and include the project identifier from: 'amplify diagnose --send-report'
Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier: 72137838-7a44-4758-bd28-aa0766d0a711

âś… Report saved: /var/folders/cy/n2b5gjxj4dv1mztr65gpklgc0000gn/T/MellonnSpeakEU/report-1689771320910.zip

âś” Done

Project Identifier: 369c3e3e1f86cb7691bd7b7aef05de77

Expected behavior

Amplify notifications should be added to the project without any problems.

Reproduction steps

  1. Create Flutter project and add Amplify to it.
  2. Follow the official guide to add Notifications to said project.

Project Identifier

369c3e3e1f86cb7691bd7b7aef05de77

Log output

``` # Put your logs below this line 2023-07-19T12:53:29.435Z|info : amplify add notifications 2023-07-19T12:53:29.533Z|info : @aws-amplify/amplify-cli-core.banner-message/index.ts.fetch banner messages from https://aws-amplify.github.io/amplify-cli/banner-message.json({} 2023-07-19T12:53:31.250Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileConfig(["MacBookPro2021Amplify"]) 2023-07-19T12:53:31.252Z|info : amplify-provider-awscloudformation.system-config-manager.getProfiledAwsConfig.profileConfig([{"region":"eu-central-1"}]) 2023-07-19T12:53:31.253Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileCredentials(["MacBookPro2021Amplify"]) 2023-07-19T12:55:23.323Z|error : Command failed: openssl pkcs12 -in /Users/joakimrosenfeldtpedersen/Certificates.p12 -out /var/folders/cy/n2b5gjxj4dv1mztr65gpklgc0000gn/T/temp.pem -nodes -passin pass: Error outputting keys and certificates 00DEF7DD01000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties () UnknownFault: Command failed: openssl pkcs12 -in /Users/joakimrosenfeldtpedersen/Certificates.p12 -out /var/folders/cy/n2b5gjxj4dv1mztr65gpklgc0000gn/T/temp.pem -nodes -passin pass: Error outputting keys and certificates 00DEF7DD01000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties () ```

Additional information

No response

Before submitting, please confirm:

ykethan commented 1 year ago

Hey @JoakimMellonn, thank you for reaching. Could you let us know the openssl version currently installed by running openssl version.

Additionally, could you try directly running the openssl command in your terminal and let us know the output? openssl pkcs12 -in /Users/joakimrosenfeldtpedersen/Certificates.p12 -out /var/folders/cy/n2b5gjxj4dv1mztr65gpklgc0000gn/T/temp.pem -nodes -passin <pass>.

Marking this as bug for error messaging improvements as I was able to reproduce a similar error message 

🛑 Command failed: openssl pkcs12 -in /Users/abc/Downloads/cert.p12 -out /var/folders/7n/vtvskf9s3czf2429q2kv9yz00000gr/T/temp.pem -nodes -passin pass:
Mac verify error: invalid password?
JoakimMellonn commented 1 year ago

This is the output from openssl version: OpenSSL 3.1.1 30 May 2023. Regarding running the openssl command, but I'm getting some errors regarding the -passin <pass> part of it. Should I replace anything or is this to be expected?

ykethan commented 1 year ago

@JoakimMellonnThe terminal should prompt you for a pass if we remove the -passin but we can simply press return without any input if the cert does not have a password assigned.

the output should be similar to as follows if the certificates are valid 

openssl pkcs12 -in /Users/abc/Downloads/Certificates.p12 -out /var/folders/7n/vtvskf9s3czf2429q2kv9yz00000gr/T/temp.pem -nodes
Enter Import Password:
MAC verified OK
JoakimMellonn commented 1 year ago

Ah okay, I get the same error when doing it directly in the terminal.

Error outputting keys and certificates
00DEF7DD01000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
ykethan commented 1 year ago

Hey @JoakimMellonn, thank you for the information. I was able to reproduce the issue using OpenSSL 3.1.1 30 May 2023. When I switch to LibreSSL 3.3.6 the error does not occur. This appears to be a issue with the SSL version, could try switching to LibreSSL 3.3.6 and let us know if the issue still occurs.

Making a note here for further investigation. Working: LibreSSL 3.3.6 Not working: OpenSSL 3.1.1 30 May 2023

JoakimMellonn commented 1 year ago

Thank you, I've now tried switching to LibreSSL and can confirm it is working.

github-actions[bot] commented 1 year ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

ykethan commented 1 year ago

@JoakimMellonn reopening the issue for tracking this behaviour and provide better error messaging.

kayzkenny commented 11 months ago

Still getting this error, when using the cli amplify add notifications


806024E901000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:342:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
🛑 Command failed: openssl pkcs12 -in /Users/kehindeakeredolu/Desktop/freelance/light-app/carnet_light/assets/amplify.p12 -out /var/folders/n4/r1prvfbj5hs0m1hfkn9y2w180000gn/T/temp.pem -nodes -passin pass:
Error outputting keys and certificates
806024E901000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:342:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()```
shree-ranga commented 10 months ago

openssl pkcs12 -in Certificates.p12 -out apns_cert.pem -legacy -nodes

Above worked

true-glassy commented 9 months ago

These are the steps to switch to libressl from openssl

  1. brew install libressl

  2. export PATH="/usr/local/opt/libressl/bin:$PATH" (you have to know where is your liberssl was downloaded and use that in your export)

The command to know where is your liberssl was is brew --prefix libressl