From owner-freebsd-current  Fri May  5 20:16:51 2000
Delivered-To: freebsd-current@freebsd.org
Received: from drama.navipath.com (drama.navipath.com [216.67.14.8])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7F8FC37B607; Fri,  5 May 2000 20:16:48 -0700 (PDT)
	(envelope-from forrie@drama.navipath.com)
Received: (from forrie@localhost)
            by drama.navipath.com with id e463Ggc20076;
            Fri, 5 May 2000 23:16:42 -0400 (EDT)
Date: Fri, 5 May 2000 23:16:42 -0400
From: Forrest Aldrich <forrie@navipath.com>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: Steve Price <sprice@hiwaay.net>, current@FreeBSD.ORG
Subject: Re: RSA decrypt problems
Message-ID: <20000505231642.F13732@drama.navipath.com>
References: <Pine.OSF.4.21.0005052044380.19519-100000@fly.HiWAAY.net> <Pine.BSF.4.21.0005052004240.24050-100000@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <Pine.BSF.4.21.0005052004240.24050-100000@freefall.freebsd.org>; from kris@FreeBSD.ORG on Fri, May 05, 2000 at 08:10:27PM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

FWIW, I've had a weird (perhaps related) problem, only in the
reverse.   After creating a certificate (ie: 'make certificate' in
apache), I was unable to connect to the server from a Netscape
4.72 browser.  It only told me there was a decryption error in the
apache logs.


?


On Fri, May 05, 2000 at 08:10:27PM -0700, Kris Kennaway wrote:
> On Fri, 5 May 2000, Steve Price wrote:
> 
> > [Fri May 5 20:46:19 2000] [error] OpenSSL: error:1E06D401:RSAref
> > routines:func(109) :reason(1025)
> 
> You can interpret these error codes by looking up the defines in
> <openssl/rsaref.h> - for example, these two are:
> 
> #define RSAREF_F_RSA_REF_PRIVATE_DECRYPT                 109
> #define RSAREF_R_DATA                                    0x0401
> 
> which doesn't tell you much in itself. However:
> 
> > Doing 2048 bit private rsa's for 10s: RSA private encrypt failure
> > 14674:error:1E065406:RSAref routines:func(101)
> > :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
> > 14674:error:1E065406:RSAref routines:func(101)
> > :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
> > 1 2048 bit private RSA's in 0.00s
> 
> #define RSAREF_F_RSAREF_BN2BIN                           101
> #define RSAREF_R_LEN                                     0x0406
> 
> RSARef can't handle keys > 1024 bits long. This is a design limitation
> which the license forbids us from fixing.
> 
> Does your webserver use a long key?
> 
> Kris
> 
> ----
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message