curl-library
Re: ASN1 (DER) key does not work
Date: Fri, 14 May 2004 11:01:54 +0200
Hello Seshubabu Pasam,
Seshubabu Pasam wrote:
> Daniel,
>
> Ok, found some time to try this out. Here is the tested patch that
> works with both PEM and DER key/certs. Just one line change. Let me
> know if you are going to apply this.
>
>> Can we fix this? There are two options:
>>
>> a.) To try SSL_CTX_use_RSAPrivateKey_file function and see if it works
>> with both PEM and DER encoded private keys.
This will drop the support for all other (not RSA) key types...
>> b.) Remove support for DER from curl, since it looks like it was never
>> tested.
Or disable it until it is fixed in OpenSSL...
> Index: lib/ssluse.c
> ===================================================================
> RCS file: /repository/curl/lib/ssluse.c,v
> retrieving revision 1.100
> diff -u -r1.100 ssluse.c
> case SSL_FILETYPE_ASN1:
> - if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
> + if(SSL_CTX_use_RSAPrivateKey_file(ctx, key_file, file_type) != 1) {
The downside of this patch is:
curl will only support RSA keys.
Perhaps it is better to drop DER support (until this is fixed in OpenSSL...)
Bye
Goetz
-- Goetz Babin-Ebell, software designer, TC TrustCenter AG, Sonninstr. 24-28, 20097 Hamburg, Germany Office: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126 www.trustcenter.de www.betrusted.com
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature