main: TLS init def ctx failed: -1
Fredrik Unger
fred at ludd.ltu.se
Fri Nov 26 14:10:00 CET 2010
Hi,
Have tried to dig deeper, using gnutls-serv.
gnutls-serv --version
gnutls-serv (GnuTLS) 2.8.6
sudo gnutls-serv --debug 9 --x509cafile /etc/ssl/cacert.pem
--x509certfile /etc/ldap/cert/cert.pem
--x509keyfile /etc/ldap/cert/key.pem
Processed 1 CA certificate(s).
|<2>| ASSERT: <<<<<_b64.c:519
|<2>| ASSERT: privkey.c:171
|<2>| ASSERT: privkey.c:388
|<2>| ASSERT: privkey.c:415
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN ENCRYPTED PRIVATE KEY'
|<2>| ASSERT: privkey_pkcs8.c:1099
|<2>| ASSERT: gnutls_x509.c:547
|<2>| ASSERT: gnutls_x509.c:597
Error reading '/etc/ldap/cert/cert.pem' or '/etc/ldap/cert/key.pem'
Error: Base64 unexpected header error.
sudo cat /etc/ldap/cert/key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91
Is the header the problem?
Using openssl, the key works:
openssl version
OpenSSL 0.9.8o 01 Jun 2010
sudo openssl s_server -cert /etc/ldap/cert/cert.pem -key
/etc/ldap/cert/key.pem -www
Enter pass phrase for /etc/ldap/cert/key.pem:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
The key was created with an old openssl version (Oct 2008 after the
dsa-1571 problem).
Do you need more information?
Can create a new key, but if it is a gnutls bug, this report might help.
/Fredrik Unger
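
Added example, not part of the original post: the debug output above searches for the '-----BEGIN PRIVATE KEY' and '-----BEGIN ENCRYPTED PRIVATE KEY' (PKCS#8) headers, while the key file starts with '-----BEGIN RSA PRIVATE KEY-----' followed by Proc-Type and DEK-Info lines. The sketch below classifies a PEM private key by those markers; the function name and the sample body are constructed for illustration, and only the header lines come from the post.

```python
import re

# PEM labels for private keys: label -> (container format, encrypted by label alone)
KEY_LABELS = {
    "PRIVATE KEY": ("pkcs8", False),
    "ENCRYPTED PRIVATE KEY": ("pkcs8", True),
    "RSA PRIVATE KEY": ("traditional", False),
    "DSA PRIVATE KEY": ("traditional", False),
    "EC PRIVATE KEY": ("traditional", False),
}
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")

def classify_private_key(pem_text):
    """Describe the first private-key block in pem_text, or return None."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    for i, line in enumerate(lines):
        m = BEGIN_RE.match(line)
        if not m or m.group(1) not in KEY_LABELS:
            continue
        fmt, encrypted = KEY_LABELS[m.group(1)]
        info = {"label": m.group(1), "format": fmt, "encrypted": encrypted,
                "cipher": None, "iv_hex": None}
        # Traditional keys mark encryption with RFC 1421-style headers placed
        # between the BEGIN line and the base64 body (base64 never contains ':').
        for hdr in lines[i + 1:]:
            if ":" not in hdr:
                break
            name, _, value = hdr.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "proc-type" and value.replace(" ", "").upper() == "4,ENCRYPTED":
                info["encrypted"] = True
            elif name == "dek-info":
                cipher, _, iv = value.partition(",")
                info["cipher"], info["iv_hex"] = cipher.strip(), iv.strip()
        return info
    return None

# Constructed sample: header lines as quoted in the post, placeholder body.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,CA6CC40CD8CF4D0C802B925FC4EAAE91

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(classify_private_key(SAMPLE))
```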