curl-library

Re: ASN1 (DER) key does not work

From: Goetz Babin-Ebell <babin-ebell_at_trustcenter.de>
Date: Fri, 14 May 2004 11:01:54 +0200

Hello Seshubabu Pasam,

Seshubabu Pasam wrote:
> Daniel,
>
> Ok, found some time to try this out. Here is the tested patch that
> works with both PEM and DER key/certs. Just one line change. Let me
> know if you are going to apply this.
>
>> Can we fix this? There are two options:
>>
>> a.) To try SSL_CTX_use_RSAPrivateKey_file function and see if it works
>> with both PEM and DER encoded private keys.

This will drop the support for all other (not RSA) key types...

>> b.) Remove support for DER from curl, since it looks like it was never
>> tested.

Or disable it until it is fixed in OpenSSL...

> Index: lib/ssluse.c
> ===================================================================
> RCS file: /repository/curl/lib/ssluse.c,v
> retrieving revision 1.100
> diff -u -r1.100 ssluse.c
> case SSL_FILETYPE_ASN1:
> - if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
> + if(SSL_CTX_use_RSAPrivateKey_file(ctx, key_file, file_type) != 1) {
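
Review bot: In the SSL_FILETYPE_ASN1 case, swapping SSL_CTX_use_PrivateKey_file for SSL_CTX_use_RSAPrivateKey_file hard-codes the key algorithm, so a DER key of any other type no longer reaches a type-neutral loader on this path. Consider keeping the generic call as the first attempt and trying the RSA-specific one only when it fails, with a comment stating that the fallback covers RSA only. The hunk as posted also has no @@ header or surrounding context lines, so it cannot be applied mechanically or checked against the neighbouring PEM case.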

The downside of this patch is:
curl will only support RSA keys.

Perhaps it is better to drop DER support (until this is fixed in OpenSSL...)

Bye

Goetz

-- 
Goetz Babin-Ebell, software designer,
TC TrustCenter AG, Sonninstr. 24-28, 20097 Hamburg, Germany
Office: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126
www.trustcenter.de www.betrusted.com

Received on 2004-05-14
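
The concern raised in the mail above, that an RSA-specific loader leaves every other key type unsupported, comes down to a DER key file carrying no textual label for its type. As an added example (not code from this thread, curl or OpenSSL), the following tells the common unencrypted DER private-key layouts apart by structure alone; the function names, the element-count heuristic and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>

enum key_kind { KEY_INVALID, KEY_RSA_PKCS1, KEY_DSA, KEY_EC_SEC1, KEY_PKCS8 };

/* Read one DER header (single-byte tag, definite length); *pos ends at the content. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen) {
    size_t p = *pos, n;
    if (p > len || len - p < 2) return 0;
    *tag = buf[p++];
    *clen = buf[p++];
    if (*clen & 0x80) {                 /* long form: low 7 bits count length bytes */
        n = *clen & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > len - p) return 0;
        for (*clen = 0; n > 0; n--) *clen = (*clen << 8) | buf[p++];
    }
    if (*clen > len - p) return 0;      /* content must fit inside the buffer */
    *pos = p;
    return 1;
}

/* Hypothetical helper: classify an unencrypted DER private key by the shape
   of its outer SEQUENCE (tags and number of top-level elements). */
enum key_kind der_key_kind(const unsigned char *der, size_t len) {
    unsigned char tag, first = 0, second = 0;
    size_t pos = 0, clen, count = 0;
    if (!der_header(der, len, &pos, &tag, &clen) || tag != 0x30) return KEY_INVALID;
    if (clen != len - pos) return KEY_INVALID;              /* no trailing bytes */
    while (pos < len) {
        if (!der_header(der, len, &pos, &tag, &clen)) return KEY_INVALID;
        if (count == 0) first = tag; else if (count == 1) second = tag;
        pos += clen;                                        /* skip element content */
        count++;
    }
    if (count < 2 || first != 0x02) return KEY_INVALID;     /* INTEGER version first */
    if (second == 0x30) return KEY_PKCS8;                   /* AlgorithmIdentifier */
    if (second == 0x04) return KEY_EC_SEC1;                 /* privateKey OCTET STRING */
    if (second == 0x02 && count == 9) return KEY_RSA_PKCS1; /* version,n,e,d,p,q,dP,dQ,qInv */
    if (second == 0x02 && count == 6) return KEY_DSA;       /* version,p,q,g,pub,priv */
    return KEY_INVALID;
}

/* Constructed skeletons with dummy one-byte values; not real keys. */
static const unsigned char SAMPLE_RSA[] = {0x30,0x1B, 2,1,0, 2,1,1, 2,1,2, 2,1,3,
                                           2,1,4, 2,1,5, 2,1,6, 2,1,7, 2,1,8};
static const unsigned char SAMPLE_EC[] = {0x30,0x07, 2,1,1, 4,2,0xAA,0xBB};
static const unsigned char SAMPLE_PKCS8[] = {0x30,0x0B, 2,1,0, 0x30,3,6,1,0x2A, 4,1,0};

int main(void) {   /* exits 0 when every sample is classified as expected */
    return der_key_kind(SAMPLE_RSA, sizeof SAMPLE_RSA) != KEY_RSA_PKCS1
        || der_key_kind(SAMPLE_EC, sizeof SAMPLE_EC) != KEY_EC_SEC1
        || der_key_kind(SAMPLE_PKCS8, sizeof SAMPLE_PKCS8) != KEY_PKCS8;
}
```

A loader that dispatches on such a result, or that tries a type-neutral parser first, keeps non-RSA DER keys working; truncated or trailing-byte input is rejected rather than guessed at.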