I was confused to find logging indicating an intermittent error while
doing SSL in an application:

x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:318:

But that's while running automated tests which always use certificates
and keys from pregenerated PKCS#12 files.  So that doesn't make sense.

It continued to not make sense on further investigation.  The error
seems to be coming from a successful call to PKCS12_parse(): it's
checking each certificate against the private key, and one of the
certificates (unsurprisingly, since it's a CA) doesn't match.

So what's the right thing to do?

Should PKCS12_parse() be calling ERR_clear_error() (or something else)
on success?

Should the application call ERR_clear_error() after successfully calling
PKCS12_parse(), and are there other functions that might need similar
treatment?

Should the application be calling ERR_clear_error() at some points as
part of initialisation?  Maybe just before creating an SSL or something?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
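
An added example, not part of the original post and not OpenSSL source: a simplified C model of a per-thread error queue, showing how an entry left behind by a call that succeeded can be reported by a later, unrelated failure, and how clearing the queue or using a mark avoids that. All function names are hypothetical stand-ins (comments name the real calls they model), and the later failure whose handler logs the earliest queued entry is an assumed scenario.

```c
/* Simplified model of a per-thread error queue; NOT OpenSSL source.
 * All names are hypothetical; comments name the real calls they model. */
#include <stdio.h>
#include <string.h>

#define QMAX 16
static const char *queue[QMAX];
static int q_len, q_mark;

static void err_put(const char *msg) { if (q_len < QMAX) queue[q_len++] = msg; }
static void err_clear(void)       { q_len = 0; }       /* ERR_clear_error() */
static void err_set_mark(void)    { q_mark = q_len; }  /* ERR_set_mark()    */
static void err_pop_to_mark(void) { q_len = q_mark; }  /* ERR_pop_to_mark() */

/* Like ERR_get_error(): remove and return the EARLIEST entry, or NULL. */
static const char *err_get(void) {
    if (q_len == 0) return NULL;
    const char *first = queue[0];
    q_len--;
    memmove(queue, queue + 1, (size_t)q_len * sizeof queue[0]);
    return first;
}

/* Stand-in for a parse that compares every certificate with the key:
 * the CA certificate does not match, so an error is queued, yet the
 * call as a whole succeeds (returns 1). */
static int parse_bundle(int use_mark) {
    if (use_mark) err_set_mark();
    err_put("key values mismatch");        /* CA cert vs. private key */
    if (use_mark) err_pop_to_mark();       /* discard the expected misses */
    return 1;
}

/* Stand-in for a later failure whose handler logs the first queued
 * error. Returns the text that would reach the log (constructed). */
static const char *later_failure_logs(void) {
    err_put("handshake failure");
    const char *logged = err_get();
    err_clear();
    return logged;
}

/* The log line produced under each strategy. */
const char *logged_without_cleanup(void) { err_clear(); parse_bundle(0); return later_failure_logs(); }
const char *logged_with_mark(void)       { err_clear(); parse_bundle(1); return later_failure_logs(); }
const char *logged_with_clear(void)      { err_clear(); parse_bundle(0); err_clear(); return later_failure_logs(); }

int main(void) {
    printf("no cleanup : %s\n", logged_without_cleanup());
    printf("mark/pop   : %s\n", logged_with_mark());
    printf("clear after: %s\n", logged_with_clear());
    return 0;
}
```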
