[erlang-bugs] {error,ekeyfile} when using new ssl implementation

mayamatakeshi <>
Sun Mar 4 04:19:44 CET 2012


Hello,
I have this keyfile that I use with the old SSL implementation and it works
fine with this code:

-module(ssl_test).
-export([connect/0]).

connect() ->
        ssl:start(),

        Address = "gateway.sandbox.push.apple.com",
        Port = 2195,
        CaCert = "entrust_root_certification_authority.pem",
        Cert = "server_cerificates_bundle_sandbox.pem",
        Key = "server_cerificates_bundle_sandbox.pem",

        Options = [{cacertfile, CaCert}, {certfile, Cert}, {keyfile, Key},
{mode, binary}, {ssl_imp, old}],
        Timeout = 1000,
        ssl:connect(Address, Port, Options, Timeout).


However, when I try to use the new ssl implementation, I get this:

[ erlang]# erl
Erlang R15B (erts-5.9) [source] [64-bit] [smp:2:2] [async-threads:0] [hipe]
[kernel-poll:false]

Eshell V5.9  (abort with ^G)
1> ssl_test:connect().
{error,ekeyfile}
2>
=ERROR REPORT==== 4-Mar-2012::12:08:29 ===
SSL: 1093: error:[{'RSAPrivateKey',<< .... >>,
                                   not_encrypted},
                  {'RSAPrivateKey',<< .... >>,
                                   not_encrypted}]
server_cerificates_bundle_sandbox.pem
  [{ssl_connection,init_private_key,5,
                   [{file,"ssl_connection.erl"},{line,1085}]},
   {ssl_connection,ssl_init,2,[{file,"ssl_connection.erl"},{line,1027}]},
   {ssl_connection,init,1,[{file,"ssl_connection.erl"},{line,305}]},
   {gen_fsm,init_it,6,[{file,"gen_fsm.erl"},{line,343}]},
   {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,227}]}]


The server_cerificates_bundle_sandbox.pem file has this format:

Bag Attributes
    friendlyName: XXXXXXXX
    localKeyID: XXXXXX
subject=XXXXXXX
issuer=XXXXXXX
-----BEGIN CERTIFICATE-----
XXXXXXXXXX
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: XXXXXX
    localKeyID: XXXXXX
subject=XXXXXXXXXX
issuer=XXXXXXXXX
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXX
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: XXXXXXXXX
    localKeyID: XXXXXXXX
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----
Bag Attributes
    friendlyName: XXXXXXXXXXX
    localKeyID: XXXXXXXXXXX
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
XXXXXXXXXXXXX
-----END RSA PRIVATE KEY-----

So is this format supported by the new ssl implementation? Is this a bug?
Or should I somehow convert this to a different format?

regards,
Takeshi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20120304/4f66a501/attachment.html>


More information about the erlang-bugs mailing list