OpenSSL 3.0 password prompt errors
pepone.onrez
pepone.onrez at gmail.com
Tue Nov 30 13:16:51 UTC 2021
Getting some problems with OpenSSL 3.0, I have passwordError function, to
check if the last error was due to an invalid password and allow the user
to retry.
bool
passwordError()
{
unsigned long error = ERR_peek_error();
unsigned long lib = ERR_GET_LIB(error);
unsigned long reason = ERR_GET_REASON(error);
cerr << "error: " << error << endl;
cerr << "lib: " << lib << endl;
cerr << "reason: " << reason << endl;
ERR_print_errors_fp(stdout);
return (reason == PEM_R_BAD_BASE64_DECODE ||
reason == PEM_R_BAD_DECRYPT ||
reason == PEM_R_BAD_PASSWORD_READ ||
reason == PEM_R_PROBLEMS_GETTING_PASSWORD ||
reason == PKCS12_R_MAC_VERIFY_FAILURE);
}
When I test with an invalid password I get
error: 587686001
lib: 70
reason: 483441
error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
the description seems to match PKCS12_R_MAC_VERIFY_FAILURE but the reason
value doesn't
include/openssl/pkcs12err.h
39:# define PKCS12_R_MAC_VERIFY_FAILURE 113
Any ideas what I might be doing wrong here? this worked fine with 1.1.1
before
Cheers,
Jose
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211130/32e53c86/attachment.htm>
More information about the openssl-users
mailing list