Open
Description
Recent changes in OpenSSL moved the RC2 cipher into a "legacy" provider; some PKCS#12 files using the old cipher suite pbeWithSHA1And40BitRC2-CBC will fail to load, resulting in this error:
error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
It would maybe be good to mention in the docs for native_tls::Identity::from_pkcs12() that when you run into this error you need to re-create the PKCS#12 file in a more modern format.
In my case, I have used openssl pkcs12 -legacy to dump the certs and key and re-created the file with openssl pkcs12 -export:
openssl pkcs12 -legacy --password pass:changeit -in bad.p12 -noenc -out fixme.pem
openssl pkcs12 -export --password pass:changeit -inkey fixme.pem -in fixme.pem -out fixed.p12
This problem so far manifests itself on Arch Linux, but will spread to other distros with the new openssl version.
Alternatively, you could provide the users with a way to enable the legacy openssl provider (didn't find any).
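A way to tell in advance whether a given PKCS#12 file will hit this error, as an added example that is not part of the original issue or of native-tls: it scans the file for the DER-encoded OIDs of the RC2 and RC4 password-based encryption schemes defined for PKCS#12 (RFC 7292), which OpenSSL 3 serves only from the legacy provider. The function names are hypothetical, and the byte scan is a heuristic that assumes the algorithm identifiers are stored unfragmented in the file.

```shell
#!/bin/sh
# Added example (not from the issue): flag PKCS#12 files that use RC2/RC4
# password-based encryption and therefore need OpenSSL's legacy provider.

# DER encoding of the OID arc pkcs-12PbeIds, 1.2.840.113549.1.12.1
# (tag 06, length 0a); the final byte selects the scheme.
PBE_PREFIX='06 0a 2a 86 48 86 f7 0d 01 0c 01'

# Print file $1 as a single line of space-separated lowercase hex bytes.
hexdump_line() {
    od -An -v -tx1 "$1" | tr -s ' \n' ' '
}

# Print the name of each legacy PBE scheme found in file $1, one per line.
# Returns 0 if at least one was found, 1 if none, 2 if the file is unreadable.
p12_legacy_pbe() {
    [ -r "$1" ] || return 2
    hex=$(hexdump_line "$1")
    found=1
    while read -r last name; do
        case "$hex" in
            *"$PBE_PREFIX $last"*) echo "$name"; found=0 ;;
        esac
    done <<EOF
01 pbeWithSHA1And128BitRC4
02 pbeWithSHA1And40BitRC4
05 pbeWithSHA1And128BitRC2-CBC
06 pbeWithSHA1And40BitRC2-CBC
EOF
    return $found
}

# Command-line use: check every file given as an argument.
for f in "$@"; do
    if algs=$(p12_legacy_pbe "$f"); then
        echo "$f: needs legacy provider ($(echo $algs | tr ' ' ','))"
    else
        echo "$f: no RC2/RC4 PBE identifiers found"
    fi
done
```

Files that are flagged can be converted with the two `openssl pkcs12` commands shown in the issue.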