Mailinglist Archive: opensuse-bugs (12990 mails)

< Previous Next >
[Bug 467437] New: openssl in SuSE 11.1 does create wrong PKCS12 files
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 19 Jan 2009 14:00:33 -0700 (MST)
  • Message-id: <bug-467437-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>

Summary: openssl in SuSE 11.1 does create wrong PKCS12 files
Classification: openSUSE
Product: openSUSE 11.1
Version: RC 2
Platform: i686
OS/Version: openSUSE 11.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: fl@xxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:
Gecko/2008121300 SUSE/3.0.5-1.1 Firefox/3.0.5

Creating a PKCS12 file with OpenSSL from openSuSE 11.1 gives the following
error message when importing under Windows:

ENGLISH error message:
The private key that you are importing might require a cryptographic
service provider that is not installed on your system.

GERMAN error message:
Ein interner Fehler ist aufgetreten. Der private Schlüssel, den Sie
importieren, erfordert möglicherweise einen Dienstanbieter, der nicht
installiert ist.

I'm using OpenSSL (from openSuSE11.1) in the following way to create PKCS12
file for import by Windows users:

Reproducible: Always

Steps to Reproduce:
I call openssl the following way to create the PKCS12 file:

openssl pkcs12 -export -passin file:passwordfile \
-passout file:passwordfile -inkey private/hostKey.pem \
-in certs/hostCert.pem -name "Certificat for Host" \
-certfile certs/ca-certificate.pem -caname "Root CA" \
-out host.p12

Actual Results:
On Windows one needs to double-click the file, enter the password
and just click next till the error shows up.

Expected Results:
It should work without an error message

Extracting the know good version from the previously installed SuSE 10.2
and calling openssl the following way (all files of the original RPM where
extracted into on subdirectory):

LD_LIBRARY_PATH=~/openssl-from-SuSE-10.2/ ~/openssl-from-SuSE-10.2/openssl ...

the created PKCS12 just works.

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.
< Previous Next >