Open gfvh opened 2 weeks ago
This is caused by the current version of openssl in the new distributions used by the docker images (or by the base OS) not accepting -passin pass:
with an empty password as signifying an empty password, but as querying the user for a password.
The amlen server gets stuck in an interactive prompt from openssl asking for the private key password. This can be seen if running the amlen server in the foregrounds (either in docker or by itself).
As far as I've been able to discern there is no option to just provide an empty password to verify whether the key is protected or not, but you can provide an invalid password to get the same behavior as earlier (i.e. use __DUMMY_PASSWORD_DO_NOT_USE__
or something similar as a placeholder (or if you want to make it more robust, call openssl twice with different dummy passwords, just to cover the case of someone using __DUMMY_PASSWORD_DO_NOT_USE__
as their actual password.
One of these locations is here:
https://github.com/eclipse/amlen/blob/main/server_main/scripts/certApply.sh#L323
I have a small patch that uses a dummy password in those three locations I've found so far (in certApply.sh - there is also a two instances of the same pattern in imacertutils.sh
, but I haven't tested any changes there).
Hi
Steps reproduce
openssl genpkey -aes256 -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:2048 openssl req -new -out client.csr -key server.key openssl req -x509 -new -nodes -key server.key -sha256 -days 7304 -out clieent.crt
Then add in imawebui under Certificate Profiles cert and key. Result is imaserver crashes. Tried on two separate docker servers.
openssl ciphers -V |grep AES256
I have noticed adding without password rsa key works. Without aes256 cipher. On command line openssl password verify works.
What can do get aes256 as well working and with password for imaserver or is this bug?
env:
Almalinux 9 Selinux off Imaserver: 1.0.0.2 20240124-1010_eclipse 2024-01-24 10:43