Recent changes in OpenSSL moved RC2 cipher into a "legacy" provider, some PKCS#12 files using the old cipher suite pbeWithSHA1And40BitRC2-CBC will fail to load, resulting in this error:
It would maybe be good to mention in the docs for native_tls::Identity::from_pkcs12() that when you run into this error you need to re-create the PKCS#12 file in a more modern format.
In my case, I have used openssl pkcs12 -legacy to dump the certs and key and re-created the file with openssl pkcs12 -export:
Recent changes in OpenSSL moved RC2 cipher into a "legacy" provider, some PKCS#12 files using the old cipher suite pbeWithSHA1And40BitRC2-CBC will fail to load, resulting in this error:
It would maybe be good to mention in the docs for
native_tls::Identity::from_pkcs12()
that when you run into this error you need to re-create the PKCS#12 file in a more modern format. In my case, I have usedopenssl pkcs12 -legacy
to dump the certs and key and re-created the file withopenssl pkcs12 -export
:This probem so far manifests itself on Arch linux, but will spread to other distros with the new openssl version.
Alternatively, you could provide the users with a way to enable the
legacy
openssl provider (didn't find any)