[strongSwan] Unable to load the private key without openssl plugin
Martin Willi
martin at strongswan.org
Wed Jan 23 08:59:22 CET 2013
Hi,
> 1) List of loaded plugins without the openssl for the failed test case.
> 00[LIB] key integrity tests failed
> 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 6 builders
> When openssl plugin was enabled, we created a patch file as workaround
> to bypass the RSA_check_key.
If I understand correctly, you had to patch the openssl plugin to get it
working with your key, and an unpatched gmp plugin is unable to load the
key, right?
> is it safe to bypass the integrity check in the gmp plugin as another
> workaround?
I don't think so. These checks are there for good reason and check the
sanity (and safety) of the RSA key. You can add some debug statements to
[1] to see why exactly the key is considered invalid.
I don't recommend removing the check, but instead tracking down why the
check fails and why your key is invalid (and potentially unsafe).
Regards
Martin
[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c;hb=HEAD#l525
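
One way to see which relation of an RSA private key fails, in the spirit of the debugging advice above. This is an added example, not part of the original message and not strongSwan's code: a Python check of the standard RSA CRT consistency relations that names every failing one. The function name and the toy key values are constructed for illustration; primality of p and q is assumed and not tested.

```python
from math import gcd

def rsa_key_faults(n, e, d, p, q, exp1, exp2, coeff):
    """Return the list of consistency relations the key violates (empty = consistent)."""
    if p < 2 or q < 2 or p == q:
        return ["p and q must be distinct integers greater than 1"]
    faults = []
    p1, q1 = p - 1, q - 1
    lam = p1 * q1 // gcd(p1, q1)          # lcm(p-1, q-1)
    if n != p * q:
        faults.append("n != p * q")
    if e < 3 or e % 2 == 0 or e >= n:
        faults.append("e must be odd with 3 <= e < n")
    if gcd(e, p1) != 1 or gcd(e, q1) != 1:
        faults.append("e shares a factor with p-1 or q-1")
    if (d * e) % lam != 1:
        faults.append("d is not e^-1 mod lcm(p-1, q-1)")
    if exp1 != d % p1:
        faults.append("exp1 != d mod (p-1)")
    if exp2 != d % q1:
        faults.append("exp2 != d mod (q-1)")
    if (coeff * q) % p != 1:
        faults.append("coeff is not q^-1 mod p")
    return faults

# Constructed toy key (far too small for real use): p=61, q=53, e=17.
GOOD = dict(n=3233, e=17, d=2753, p=61, q=53, exp1=53, exp2=49, coeff=38)

# Constructed faulty variant: same numbers, but p and q stored in swapped
# order, so the CRT parameters no longer belong to the primes they sit next to.
SWAPPED = dict(GOOD, p=53, q=61)

if __name__ == "__main__":
    for label, key in (("good", GOOD), ("swapped p/q", SWAPPED)):
        faults = rsa_key_faults(**key)
        print(f"{label}: {'consistent' if not faults else '; '.join(faults)}")
```

A key that passes n = p * q but fails only the exp1, exp2 and coeff relations, as the swapped variant does, points at how the CRT parameters were encoded rather than at the modulus itself.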