Date: Fri, 5 May 2000 23:16:42 -0400 From: Forrest Aldrich <forrie@navipath.com> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: Steve Price <sprice@hiwaay.net>, current@FreeBSD.ORG Subject: Re: RSA decrypt problems Message-ID: <20000505231642.F13732@drama.navipath.com> In-Reply-To: <Pine.BSF.4.21.0005052004240.24050-100000@freefall.freebsd.org>; from kris@FreeBSD.ORG on Fri, May 05, 2000 at 08:10:27PM -0700 References: <Pine.OSF.4.21.0005052044380.19519-100000@fly.HiWAAY.net> <Pine.BSF.4.21.0005052004240.24050-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
FWIW, I've had a weird (perhaps related) problem, only in the reverse. After creating a certificate (ie: 'make certificate' in apache), I was unable to connect to the server from a Netscape 4.72 browser. It only told me there was a decryption error in the apache logs. ? On Fri, May 05, 2000 at 08:10:27PM -0700, Kris Kennaway wrote: > On Fri, 5 May 2000, Steve Price wrote: > > > [Fri May 5 20:46:19 2000] [error] OpenSSL: error:1E06D401:RSAref > > routines:func(109) :reason(1025) > > You can interpret these error codes by looking up the defines in > <openssl/rsaref.h> - for example, these two are: > > #define RSAREF_F_RSA_REF_PRIVATE_DECRYPT 109 > #define RSAREF_R_DATA 0x0401 > > which doesn't tell you much in itself. However: > > > Doing 2048 bit private rsa's for 10s: RSA private encrypt failure > > 14674:error:1E065406:RSAref routines:func(101) > > :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125: > > 14674:error:1E065406:RSAref routines:func(101) > > :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125: > > 1 2048 bit private RSA's in 0.00s > > #define RSAREF_F_RSAREF_BN2BIN 101 > #define RSAREF_R_LEN 0x0406 > > RSARef can't handle keys > 1024 bits long. This is a design limitation > which the license forbids us from fixing. > > Does your webserver use a long key? > > Kris > > ---- > In God we Trust -- all others must submit an X.509 certificate. > -- Charles Forsythe <forsythe@alum.mit.edu> > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000505231642.F13732>