OpenSSL s_server command prompts for password even when we provide it in the command in OpenSSL 3.1 versions
Tomas Mraz
tomas at openssl.org
Thu Jan 25 17:22:56 UTC 2024
On Thu, 2024-01-25 at 12:09 -0500, Viktor Dukhovni wrote:
> On Thu, Jan 25, 2024 at 09:40:20AM +0100, Tomas Mraz wrote:
>
> > A simple workaround is to put the key in a separate file and use
> > the
> > -key option to load it and have only the unencrypted certificate in
> > the file loaded with the -cert option.
>
> So it seems that the PEM reader wants to decrypt even objects that
> will be ultimately ignored? This feels like a layering issue, the
> decryption happens before filtering for the desired result types.
>
> Is that the issue?
Yes, but I assume it might be even more complicated because the apps
call OSSL_STORE to load keys and certs from files and not call decoders
directly.
--
Tomáš Mráz, OpenSSL
More information about the openssl-users
mailing list