Daniel,

Can we fix this? There are two options:

a.) To try SSL_CTX_use_RSAPrivateKey_file function and see if it works
with both PEM and DER encoded private keys.

b.) Remove support for DER from curl, since it looks like it was never
tested.

I can work on this, if you are interested. Let me know?

Regards
-Seshubabu Pasam

Seshubabu Pasam wrote:
>
> Hi there,
>
> I am trying to use ASN1 (DER) encoded private key file and client
> certificate. libCurl fails with error:
>
> unable to set private key file: 'client-key.der' type DER
>
> I was checking to see what went wrong. Curl calls
> SSL_CTX_use_PrivateKey_file to set the private key. Looks like this
> function does not support ASN1 encoding. Here is the code snippet from
> OpenSSL.
>
> if (type == SSL_FILETYPE_PEM) {
> ...
> } else {
> SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
> goto end;
> }
>
> Curl should probably use SSL_CTX_use_RSAPrivateKey_file which supports
> both PEM and DER. I am not sure about the downside of using this
> function! May be it just supports (RSA and not DSA?) Comments?
>
> Regards
> -Seshubabu Pasam
>
Received on 2004-05-14