Now I wanna try to load SSL TLSv1.3 crt,key files!
Some of the valid TLSv1.3 crt,key files can be loaded successfully, so the site loads successfully.
But some of the valid TLSv1.3 crt,key files give an error!
ssl_certificate_by_lua_block {
    local ssl = require "ngx.ssl"
    local str = require "resty.string"
    local utils = require "my.utils"

    local sni_name, err = ssl.server_name()
    local tlsv = utils.getTrimmedAndLowerVal(ssl.get_tls1_version_str());
    ngx.log(ngx.DEBUG,"========--------> " .. tlsv); --========--------> tlsv1.3

    local ok, err = ssl.clear_certs()
    if not ok then
        ngx.log(ngx.ERR, "failed to clear existing (fallback) certificates")
        return ngx.exit(ngx.ERROR)
    end

    local file_dir = "/usr/local/openresty/crt_keys/mysite.com."
    local crt_content = utils.readFileContent(file_dir .. "crt");
    local der_cert_chain, err = ssl.cert_pem_to_der(crt_content)
    if not der_cert_chain then
        ngx.log(ngx.ERR, "failed to convert certificate chain ", "from PEM to DER: ", err)
        return ngx.exit(ngx.ERROR)
    end

    local ok, err = ssl.set_der_cert(der_cert_chain)
    if not ok then
        ngx.log(ngx.ERR, "failed to set DER cert: ", err)
        return ngx.exit(ngx.ERROR)
    end

    local pem_pkey = utils.readFileContent(file_dir .. "key");
    local der_pkey, err = ssl.priv_key_pem_to_der(pem_pkey)
    if not der_pkey then
        ngx.log(ngx.ERR, "failed to convert private key ", "from PEM to DER: ", err)
        return ngx.exit(ngx.ERROR)
    end

    local ok, err = ssl.set_der_priv_key(der_pkey)
    --error is here
    -- failed to convert private key from PEM to DER: PEM_read_bio_PrivateKey() failed, context: ssl_certificate_by_lua*, client:
    --my ip, server: 0.0.0.0:443
    -- SSL_read_early_data() failed (SSL: error:1417A179:SSL routines:tls_post_process_client_hello:cert cb error) while SSL
    -- handshaking, client: my ip, server: 0.0.0.0:443
    if not ok then
        ngx.log(ngx.ERR, "failed to set DER private key: ", err)
        return ngx.exit(ngx.ERROR)
    end
}
Actually ssl.set_der_priv_key causes the error!
(SSL: error:1417A179:SSL routines:tls_post_process_client_hello:cert)
What do I have to do? I think it can be a bug!
Because some of the valid certificates are OK and some of the others have an error!
Hello, I'm using openresty/1.19.3.1. I've installed it using:
I can check and trust all of the crt,key files using:
openssl x509 -noout -modulus -in /usr/local/openresty/crt_keys/mysite.com.crt | openssl md5
openssl rsa -noout -modulus -in /usr/local/openresty/crt_keys/mysite.com.key | openssl md5
here is my code:
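The log text quoted in the post ("failed to convert private key from PEM to DER: PEM_read_bio_PrivateKey() failed") is the message logged after `ssl.priv_key_pem_to_der` in the posted code, and the `openssl rsa -modulus` check applies to RSA keys only, so the PEM form of each failing key file is worth inspecting. The following is an added example, not part of the original post: `classify_key_pem` is a hypothetical helper that reports a key file's PEM label and encryption markers, and the sample files are constructed with dummy bodies.

```shell
#!/bin/sh
# Added example: classify a private-key file by its PEM structure only.
# The key material itself is never parsed or printed.
classify_key_pem() {
    f=$1
    if [ ! -s "$f" ]; then echo "empty-or-missing"; return 0; fi

    # First line that starts with a PEM BEGIN marker (CR stripped for CRLF files).
    begin=$(sed -n '/^-----BEGIN /{p;q;}' "$f" | tr -d '\r')
    if [ -z "$begin" ]; then echo "no-pem-block"; return 0; fi   # DER, or junk before BEGIN

    label=${begin#-----BEGIN }
    label=${label%-----}

    # The block must be closed by the END line carrying the same label.
    if ! grep -q -e "^-----END $label-----" "$f"; then
        echo "missing-end:$label"; return 0
    fi

    case $label in
        "ENCRYPTED PRIVATE KEY")
            echo "encrypted-pkcs8" ;;            # needs a passphrase to decode
        "RSA PRIVATE KEY"|"EC PRIVATE KEY")
            # Traditional format flags encryption in an RFC 1421 style header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo "encrypted-traditional:$label"
            else
                echo "plain-traditional:$label"
            fi ;;
        "PRIVATE KEY")
            echo "plain-pkcs8" ;;                # key type is inside the structure
        *)
            echo "not-a-private-key:$label" ;;   # e.g. certificate saved as .key
    esac
}

# Constructed sample files; the bodies are dummy text, not real keys.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' '' 'ZHVtbXk=' '-----END RSA PRIVATE KEY-----' > "$demo_dir/enc_rsa.key"
printf '%s\r\n' '-----BEGIN EC PRIVATE KEY-----' 'ZHVtbXk=' \
    '-----END EC PRIVATE KEY-----' > "$demo_dir/ec_crlf.key"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'ZHVtbXk=' \
    '-----END CERTIFICATE-----' > "$demo_dir/swapped.key"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'ZHVtbXk=' > "$demo_dir/truncated.key"

for k in "$demo_dir"/*.key; do
    printf '%s: %s\n' "${k##*/}" "$(classify_key_pem "$k")"
done
```

Running it over the key files that load and the ones that fail shows whether the two groups differ in label or encryption state; for a non-RSA key, comparing `openssl x509 -noout -pubkey` against `openssl pkey -pubout` replaces the modulus check.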