gen-csca-dsc.sh hangs - Githubissues

ehn-dcc-development / ehn-sign-verify-javascript-trivial

Trivial eHN-Simple implementation in plain/simplified javascript

European Union Public License 1.2

32 stars 12 forks source link

gen-csca-dsc.sh hangs #9

Open Eschon opened 3 years ago

Eschon commented 3 years ago

I wanted to try out this implementation but I can't generate the certificates. When I run ./gen-csca-dsc.sh it just hangs. I tried to leave it for an hour to see if it is just really slow but nothing happened. The csca.key gets created but then the second openssl command seems to hang.

I've also tried running the command on its own with the same result.

I'm running Mac OS 11.4 with openssl LibreSSL 2.8.3

I don't have much experience with openssl so any help figuring out the problem would be appreciated.

iamariffikri commented 3 years ago

I have similar issue, it seems to have generated csca.key fine but stuck and unable to generate dsc-worker.pem

iamariffikri commented 3 years ago

@Eschon I have found the issue. I finally successfully generated the keys 🔑 . The culprit is LibreSSL on mac. I would suggest to try this out. here's what I did:

Run openssl version I got LibreSSL as response. This is the reason, cause the script is using OpenSSL.

We have to check if OpenSSL is installed on our Mac Run brew list openssl If it is already installed, you will see list of OpenSSL paths available

If there is NO OpenSSL on your machine, you need to install it: Run brew install openssl

If you already have OpenSSL on your machine, try to update it: Run brew upgrade openssl

Once that's done, we need to point our path to ensure the script run using OpenSSL on our machine Run brew info openssl

You will find the line If you need to have openssl@1.1 first in your PATH, run: <script>

Run the script that provided.

Lastly restart your terminal for it to re-read new .bash_profile

Try to run ./gen-csca-dsc.sh once again.

Hope this give you some success.

Eschon commented 3 years ago

@iamariffikri Thanks! I was already suspecting that LibreSSL might be the problem, but as I said I'm not really experienced with openssl and didn't have time yet to look into it more. With the proper openssl version i was also able to generate the certificate.

If you don't want to change your system defaults it also works by replacing the line

OPENSSL=${OPENSSL:=openssl}

with (use the path of your brew openssl installation)

OPENSSL=${OPENSSL:=/usr/local/opt/openssl@1.1/bin/openssl}

Maybe it would be good to add a hint to this to the documentation.

dirkx commented 3 years ago

Know tha the construct

OPENSSL=${OPENSSL:-openssl}

Allows for you to set

export OPENSSL=/opt ….. / openssl

To your local copy & put this in your shell profile. So that you override the makefile ? Would that work for you ?

Eschon commented 3 years ago

Ah, yes thanks. That works as well