tst2005googlecode / umurmur

Automatically exported from code.google.com/p/umurmur

uMurmur can't read OpenSSL 1.0.0 certs #25

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

Don't know if it's related to OpenSSL 1.0.0, PolarSSL or even uMurmur, but here is the problem:
I compiled uMurmur 0.2.6 with PolarSSL 0.14.2
I generated SSL key+cert with OpenSSL 0.9.7m
This is working fine

I generated SSL key+cert with OpenSSL 1.0.0d
I get in /var/log/messages:

    Mar 26 16:42:07 uMurmurd[28832]: FATAL: Could not read RSA key file /usr/local/umurmur/etc/umurmur.key

uMurmur doesn't start

Same command used to generate such key+cert:

    openssl req -x509 -newkey rsa:1024 -keyout /usr/local/umurmur/etc/umurmur.key \
        -nodes -sha1 -days 365 -out /usr/local/umurmur/etc/umurmur.crt \
        -config /usr/local/umurmur/var/openssl.cnf < /usr/local/umurmur/var/cert.fields > /dev/null 2>&1

Exit status is OK for OpenSSL 1.0.0d and 0.9.7m.

Either there is an incompatibility between PolarSSL 0.14.2 and OpenSSL 1.0.0+ or that's an issue with uMurmur.

I'm gonna compile uMurmur with OpenSSL 1.0.0d instead of PolarSSL and try the same as above.

I'll keep you posted

Original issue reported on code.google.com by DiaoulAel on 26 Mar 2011 at 5:03

GoogleCodeExporter commented 9 years ago
uMurmur 0.2.6 with OpenSSL 1.0.0d works great with:
- OpenSSL 1.0.0c certificates
- OpenSSL 0.9.7m certificates

Meaning that this is a PolarSSL-related issue.

This is an important thing to know when using PolarSSL...

Original comment by DiaoulAel on 26 Mar 2011 at 5:09

GoogleCodeExporter commented 9 years ago
Made a couple of tests and I noticed that the generated keys look a bit different:

'openssl req -x509 -newkey rsa:1024 ...' creates a key that starts with:
-----BEGIN PRIVATE KEY-----

'openssl genrsa 1024' creates a key that starts with:
-----BEGIN RSA PRIVATE KEY-----

PolarSSL looks for the latter line while parsing the key:

    s1 = (unsigned char *) strstr( (char *) key,
        "-----BEGIN RSA PRIVATE KEY-----" );

Don't know who is at fault here... OpenSSL or PolarSSL. I'll drop a line at the PolarSSL forum tomorrow if you don't beat me to it :)

Original comment by fatbob.s...@gmail.com on 26 Mar 2011 at 9:33

GoogleCodeExporter commented 9 years ago
openssl req generates PKCS#8 key format files. PolarSSL can only handle regular RSA key format files. Either generate the key with 'openssl genrsa 1024' or convert it with 'openssl rsa -in pkcs8_keyfile.key -out rsa_keyfile.key'.

http://polarssl.org/forum_view_topic?topic_id=132

Original comment by fatbob.s...@gmail.com on 16 Apr 2011 at 8:23