Dustin,

Yes, I was trying SSL_CTX_use_certificate_file to see what happened and it
still crashed. The original code looks like:


 if (SSL_CTX_use_certificate_chain_file(ctx, SERVER_CERT) != 1) {
....
}

The manpage says:

       SSL_CTX_use_certificate_chain_file() loads a certificate chain from
       file into ctx. The certificates must be in PEM format and must be
       sorted starting with the subject's certificate (actual client or
       server certificate), followed by intermediate CA certificates if
       applicable, and ending at the highest level (root) CA.

So that's why I used a concatenated chain of certificates: server cert -
server key - CA cert (self signed). It's strange to me that the
openssl s_server command can load the same cert chain with no problem. So I am
leaning towards the problem being in my code, not the cert chain.

David






On Tue, May 20, 2014 at 11:07 AM, Dustin Oprea <myselfasun...@gmail.com> wrote:

> On Tue, May 20, 2014 at 1:04 PM, David Li <dlipub...@gmail.com> wrote:
>
>> Hi,
>>
>> I am new to openssl programming. My goal is to get a simple server
>> up and running. I am using OpenSSL 1.0.1e-fips 11 Feb 2013 on CentOS 6.5.
>>
>> I am using SSL_CTX_use_certificate_chain_file() to load my server
>> certificate files at initialization. The PEM file is created by
>> concatenating server cert, server key and CA cert together.  I used the
>> following command line to check its format and it seemed OK.
>>
>> $ openssl s_server -cert servercert.pem -www
>> Using default temp DH parameters
>> Using default temp ECDH parameters
>> ACCEPT
>>
>> And I can use openssl s_client command line to connect to the above
>> server without any issues.
>>
>>
>> Now when I started my server, the code crashed inside
>> the SSL_CTX_use_certificate_chain_file():
>>
>>  if (SSL_CTX_use_certificate_file(ctx, SERVER_CERT, SSL_FILETYPE_PEM) != 1) {
>>     int_error("Error loading server certificate");
>>   }
>>
>> There weren't any detailed errors printed out, only: Segmentation fault
>> (core dumped)
>>
>> I searched the old mailing list and on the web but found no clues so far.
>>
>> Can anyone suggest how to debug this issue?
>>
>>
> The code that you cited doesn't use SSL_CTX_use_certificate_chain_file.
>
> I'm new to this arena, too. However, I don't think the public-key should
> be in the trust chain. Make sure that's correct, and that you're only
> sending the one certificate into SSL_CTX_use_certificate_file.
>
>
>
> Dustin
>
>
>> Thanks.
>>
>> David
>>
>
>
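
A pre-flight check for the concatenated PEM file discussed in this thread, as an added example that is not code from either poster or from OpenSSL: it lists the PEM blocks in file order so the layout can be compared with the order the quoted manpage describes. The struct, `pem_scan`, and the sample data are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Layout of a concatenated PEM file (struct and names are this example's own). */
struct pem_layout {
    int certs;          /* CERTIFICATE blocks */
    int keys;           /* "... PRIVATE KEY" blocks */
    int first_is_cert;  /* 1 if block 0 is a CERTIFICATE */
    int key_index;      /* 0-based position of first key block, -1 if none */
    int malformed;      /* 1 if a BEGIN line has no matching END line */
};

/* Constructed sample: cert, key, CA cert, the order described in the thread. */
static const char SAMPLE[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nBBBB\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n";

/* Walk the BEGIN/END markers in order and record what each block is. */
struct pem_layout pem_scan(const char *pem)
{
    struct pem_layout out = {0, 0, 0, -1, 0};
    const char *p = pem;
    for (int index = 0; (p = strstr(p, "-----BEGIN ")) != NULL; index++) {
        char label[64], end[96];
        const char *start = p + strlen("-----BEGIN ");
        const char *stop = strstr(start, "-----");
        if (stop == NULL || (size_t)(stop - start) >= sizeof label) { out.malformed = 1; break; }
        memcpy(label, start, (size_t)(stop - start));
        label[stop - start] = '\0';
        snprintf(end, sizeof end, "-----END %s-----", label);
        if ((p = strstr(stop, end)) == NULL) { out.malformed = 1; break; }
        p += strlen(end);
        if (strcmp(label, "CERTIFICATE") == 0) {
            out.certs++;
            if (index == 0) out.first_is_cert = 1;
        } else if (strstr(label, "PRIVATE KEY") != NULL) {
            out.keys++;
            if (out.key_index < 0) out.key_index = index;
        }
    }
    return out;
}

int main(void)
{
    struct pem_layout l = pem_scan(SAMPLE);
    printf("certs=%d keys=%d first_is_cert=%d key_index=%d malformed=%d\n", l.certs, l.keys, l.first_is_cert, l.key_index, l.malformed);
    return l.malformed;
}
```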
