FWIW, I've had a weird (perhaps related) problem, only in the
reverse. After creating a certificate (ie: 'make certificate' in
apache), I was unable to connect to the server from a Netscape
4.72 browser. It only told me there was a decryption error in the
apache logs.
?
On Fri, May 05, 2000 at 08:10:27PM -0700, Kris Kennaway wrote:
> On Fri, 5 May 2000, Steve Price wrote:
>
> > [Fri May 5 20:46:19 2000] [error] OpenSSL: error:1E06D401:RSAref
> > routines:func(109) :reason(1025)
>
> You can interpret these error codes by looking up the defines in
> <openssl/rsaref.h> - for example, these two are:
>
> #define RSAREF_F_RSA_REF_PRIVATE_DECRYPT 109
> #define RSAREF_R_DATA 0x0401
>
> which doesn't tell you much in itself. However:
>
> > Doing 2048 bit private rsa's for 10s: RSA private encrypt failure
> > 14674:error:1E065406:RSAref routines:func(101)
> >
>:reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
> > 14674:error:1E065406:RSAref routines:func(101)
> >
>:reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
> > 1 2048 bit private RSA's in 0.00s
>
> #define RSAREF_F_RSAREF_BN2BIN 101
> #define RSAREF_R_LEN 0x0406
>
> RSARef can't handle keys > 1024 bits long. This is a design limitation
> which the license forbids us from fixing.
>
> Does your webserver use a long key?
>
> Kris
>
> ----
> In God we Trust -- all others must submit an X.509 certificate.
> -- Charles Forsythe <[EMAIL PROTECTED]>
>
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-current" in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
