curl-library

Re: ASN1 (DER) key does not work

From: Seshubabu Pasam <pasam_at_seshubabu.com>
Date: Fri, 14 May 2004 00:17:49 -0700

Daniel,

Ok, found some time to try this out. Here is the tested patch that
works with both PEM and DER key/certs. Just one line change. Let me
know if you are going to apply this.

Regards
-Seshubabu Pasam

> Daniel,
>
> Can we fix this? There are two options:
>
> a.) To try SSL_CTX_use_RSAPrivateKey_file function and see if it works
> with both PEM and DER encoded private keys.
>
> b.) Remove support for DER from curl, since it looks like it was never
> tested.
>
> I can work on this, if you are interested. Let me know?
>
> Regards
> -Seshubabu Pasam
>
> Seshubabu Pasam wrote:
>
>>
>> Hi there,
>>
>> I am trying to use ASN1 (DER) encoded private key file and client
>> certificate. libCurl fails with error:
>>
>> unable to set private key file: 'client-key.der' type DER
>>
>> I was checking to see what went wrong. Curl calls
>> SSL_CTX_use_PrivateKey_file to set the private key. Looks like this
>> function does not support ASN1 encoding. Here is the code snippet from
>> OpenSSL.
>>
>> if (type == SSL_FILETYPE_PEM) {
>> ...
>> } else {
>> SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
>> goto end;
>> }
>>
>> Curl should probably use SSL_CTX_use_RSAPrivateKey_file which supports
>> both PEM and DER. I am not sure about the downside of using this
>> function! Maybe it just supports (RSA and not DSA?) Comments?
>>
>> Regards
>> -Seshubabu Pasam
>>
>

Index: lib/ssluse.c
===================================================================
RCS file: /repository/curl/lib/ssluse.c,v
retrieving revision 1.100
diff -u -r1.100 ssluse.c
--- lib/ssluse.c 13 May 2004 15:19:02 -0000 1.100
+++ lib/ssluse.c 14 May 2004 07:15:46 -0000
@@ -300,7 +300,7 @@
         /* cert & key can only be in PEM case in the same file */
         key_file=cert_file;
     case SSL_FILETYPE_ASN1:
- if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
+ if(SSL_CTX_use_RSAPrivateKey_file(ctx, key_file, file_type) != 1) {
         failf(data, "unable to set private key file: '%s' type %s\n",
               key_file, key_type?key_type:"PEM");
         return 0;
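
Review bot: the replaced call sits under `case SSL_FILETYPE_ASN1:`, which is also reached by fall-through from the PEM case above it (the `key_file=cert_file;` line has no break), so switching to SSL_CTX_use_RSAPrivateKey_file makes every key load RSA-only, not just DER. A PEM key that is not RSA (DSA, as the earlier mail in this thread asks about) used to go through the generic SSL_CTX_use_PrivateKey_file and would now fail with "unable to set private key file". Suggest branching on file_type here: keep SSL_CTX_use_PrivateKey_file for SSL_FILETYPE_PEM and use the RSA variant only for SSL_FILETYPE_ASN1, and note in the key-type documentation that DER keys must be RSA.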
Received on 2004-05-14