[openssl-dev] [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

Glen Matthews via RT rt at openssl.org
Fri Sep 2 17:59:02 UTC 2016


Hi

Are you saying that it was full?

glen

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Stephen Henson via RT
Sent: Friday, September 02, 2016 12:00 PM
To: 1047941314 at qq.com
Cc: openssl-dev at openssl.org
Subject: [openssl-dev] [openssl.org #4660] error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object

On Sat Aug 27 14:01:11 2016, 1047941314 at qq.com wrote:
> hello:
> I want to use libcurl with openssl, and I build openssl using this
> cmd:
> "perl configure VC-WIN32 no-asm -DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi
> -DOPENSSL_CAPIENG_DIALO"
>
>
> when I use curl to get a url, e.g. "curl -k https://*.com", it returns the error:
> error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object
>

Quick answer: use OpenSSL 1.1.0. Alternatively disable TLS 1.2 (e.g. curl command line option) or indicate support only for SHA1+RSA for client signature algorithms (don't think there is a curl command line option for this).

Long answer: the capi ENGINE in OpenSSL 1.0.2 and earlier uses the CSP attached to the key for cryptographic operations. Unfortunately this means that SHA2 algorithms are not supported for client authentication.

OpenSSL 1.1.0 adds a workaround for this issue. If you disable TLS 1.2 in earlier versions of OpenSSL it will not use SHA2 for client auth so that will also work.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660
Please log in as guest with password guest if prompted



-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4660
Please log in as guest with password guest if prompted
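
For triage of the error line in the subject, the following is an added example (not code from OpenSSL or from anyone in this thread) that splits such a line into its fields and unpacks the numeric code. It assumes the OpenSSL 1.0.x/1.1.x packing of 8-bit library, 12-bit function and 12-bit reason; the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: OpenSSL 1.0.x/1.1.x ERR_PACK layout (lib:8 | func:12 | reason:12). */
#define DYNAMIC_LIB_BASE 128 /* ERR_LIB_USER: numbers from here up are allocated at run time */

struct ossl_err {                 /* hypothetical helper type */
    unsigned long code;
    unsigned lib, func, reason;
    int lib_is_dynamic;           /* 1 if the library number was allocated at run time */
    char lib_txt[32], func_txt[64], reason_txt[128];
};

/* Returns 0 on success, -1 on malformed input,
 * -2 if a textual "lib(N)" disagrees with the packed code. */
int parse_openssl_error(const char *line, struct ossl_err *e)
{
    unsigned long n;

    memset(e, 0, sizeof *e);
    if (sscanf(line, "error:%8lx:%31[^:]:%63[^:]:%127[^\n]",
               &e->code, e->lib_txt, e->func_txt, e->reason_txt) != 4)
        return -1;
    e->lib    = (unsigned)((e->code >> 24) & 0xff);
    e->func   = (unsigned)((e->code >> 12) & 0xfff);
    e->reason = (unsigned)(e->code & 0xfff);
    e->lib_is_dynamic = e->lib >= DYNAMIC_LIB_BASE;
    /* An unnamed library is printed as "lib(N)"; N must match the code. */
    if (sscanf(e->lib_txt, "lib(%lu)", &n) == 1 && n != e->lib)
        return -2;
    return 0;
}

int main(void)
{
    /* The error line reported in this thread. */
    const char *line =
        "error:89070063:lib(137):CAPI_RSA_SIGN:cant create hash object";
    struct ossl_err e;

    if (parse_openssl_error(line, &e) != 0)
        return 1;
    printf("lib=%u%s func=%u (%s) reason=%u (%s)\n",
           e.lib, e.lib_is_dynamic ? " [run-time allocated]" : "",
           e.func, e.func_txt, e.reason, e.reason_txt);
    return 0;
}
```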


