
I'm porting a project written in C onto an OpenWRT mipsel system. Cross-compiling and library linking is all fine, the project builds and runs on the mipsel system, but there's a runtime problem with OpenSSL.

Seems that PKCS12_create fails for some yet unknown reason. Here's what I found out with ERR_print_errors_fp:

23502:error:06074079:lib(6):func(116):reason(121):NA:0:TYPE=pbeWithSHA1And40BitRC2-CBC
23502:error:23077073:lib(35):func(119):reason(115):NA:0:
23502:error:2306C067:lib(35):func(108):reason(103):NA:0:
23502:error:23073067:lib(35):func(115):reason(103):NA:0:

That's exactly what the OpenSSL GET_ERR_LIB is supposed to give. But how do I for example find out what's lib 35, function 119 and reason 115?

I use an OpenWRT SDK cross-compiler and link against libraries (incl. OpenSSL) from the same SDK.

Here are the essential pieces of code I use to get the errors listed above:

PKCS12 *pkcs12 = NULL;
EVP_PKEY *pkey = EVP_PKEY_new();
X509 *cert = X509_new();

...

pkcs12 = PKCS12_create(password, username, pkey, cert, NULL,
                       0, 0, 0, PKCS12_DEFAULT_ITER, 0);
ERR_print_errors_fp(stderr);

if (pkcs12 == NULL){
    printf("pkcs12 == NULL\n");
    /* And here we bail out... */
}

The code works and is well tested on x86 systems.

So my question here is: How do I find out what the lib, func and reason numeric values actually stand for?

Okw

2 Answers


Please check if your OpenSSL lib is compiled with the compile-time macro OPENSSL_NO_ERR enabled. This macro, if enabled, removes all error strings from the OpenSSL library. If you disable this macro, then you should be getting human-readable strings.

Also, you can check err.h (for lib code related macros) and ssl.h (for function & reason code related macros) to make some meaning out of these errors.

Jay
  • Thank you Jay. I compiled a custom OpenSSL build with some extra debug flags and macros. Didn't even get to see those errors, because it worked out of the box like a charm. Compiled again without the debugging stuff, and worked fine as well. I'm not sure, but I suppose the SSL-library provided by the SDK is perhaps stripped down or somehow lighter than the default build. – Okw Jul 12 '12 at 10:52
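
Decoding the packed codes from the question by hand, as an added example that is not part of the original answers. It assumes the OpenSSL 1.x layout used by ERR_GET_LIB, ERR_GET_FUNC and ERR_GET_REASON (8-bit library, 12-bit function, 12-bit reason); `decode_err`, `decode_line` and `lib_name` are names made up here, and the two library numbers shown are ERR_LIB_EVP and ERR_LIB_PKCS12 from err.h.

```c
#include <stdio.h>
#include <string.h>

/* Packed OpenSSL 1.x error code, split as ERR_GET_LIB/FUNC/REASON in err.h do. */
struct err_fields { int lib, func, reason; };

static struct err_fields decode_err(unsigned long e)
{
    struct err_fields f;
    f.lib    = (int)((e >> 24) & 0xffUL);   /* top 8 bits */
    f.func   = (int)((e >> 12) & 0xfffUL);  /* middle 12 bits */
    f.reason = (int)(e & 0xfffUL);          /* low 12 bits */
    return f;
}

/* ERR_LIB_* numbers from err.h; only the two seen in the question's output. */
static const char *lib_name(int lib)
{
    if (lib == 6)  return "ERR_LIB_EVP";
    if (lib == 35) return "ERR_LIB_PKCS12";
    return "ERR_LIB_? (see err.h)";
}

/* Parse one "pid:error:HEXCODE:..." line; 0 on success, -1 if it does not match. */
static int decode_line(const char *line, struct err_fields *out)
{
    unsigned long pid, code;
    if (sscanf(line, "%lu:error:%lx:", &pid, &code) != 2)
        return -1;
    *out = decode_err(code);
    return 0;
}

int main(void)
{
    static const char *lines[] = {   /* error lines copied from the question */
        "23502:error:06074079:lib(6):func(116):reason(121):NA:0:TYPE=pbeWithSHA1And40BitRC2-CBC",
        "23502:error:23077073:lib(35):func(119):reason(115):NA:0:",
        "23502:error:2306C067:lib(35):func(108):reason(103):NA:0:",
        "23502:error:23073067:lib(35):func(115):reason(103):NA:0:",
    };
    size_t i;
    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        struct err_fields f;
        if (decode_line(lines[i], &f) == 0)
            printf("%-15s lib=%d func=%d reason=%d\n", lib_name(f.lib), f.lib, f.func, f.reason);
    }
    return 0;
}
```

With the library identified, the function and reason numbers can be searched for among the `*_F_*` and `*_R_*` defines in the headers of the OpenSSL version actually linked.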

Though I understand that it's a very old post, I thought that it might help someone. I was facing the same issue while calling the pkcs12_create function. It turned out that in my case I had not called OpenSSL_add_all_algorithms(); before calling the create function.