nginx + LibreSSL + ECDSA cert = Error
kyprizel
kyprizel at gmail.com
Tue Mar 10 11:02:17 UTC 2015
wrong curve?
On Tue, Mar 10, 2015 at 1:27 PM, <TheGrandChamp at gmx.de> wrote:
> Hi,
>
> this time not stupidly formatted ;):
> I compiled nginx 1.7.10 + LibreSSL 2.1.4, but am not able to use ECC
> certificates.
>
> nginx -V:
> nginx version: nginx/1.7.10
> built by gcc 4.7.2 (Debian 4.7.2-5)
> TLS SNI support enabled
> configure arguments:
> --with-openssl=/root/git/build_nginx/build/libressl-2.1.4
> --with-pcre=/root/git/build_nginx/build/pcre-8.36
> --add-module=/root/git/build_nginx/build/echo-nginx-module-0.57
> --with-ld-opt=-lrt --prefix=/usr/local/nginx
> --conf-path=/etc/nginx-libressl/nginx.conf
> --http-log-path=/var/log/nginx/access.log
> --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
> --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi
> --http-proxy-temp-path=/var/lib/nginx/proxy
> --http-scgi-temp-path=/var/lib/nginx/scgi
> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
> --with-ipv6 --with-http_ssl_module --with-http_stub_status_module
> --with-http_realip_module --with-http_auth_request_module --with-file-aio
> --with-http_spdy_module --with-http_addition_module --with-http_dav_module
> --with-http_geoip_module --with-http_gzip_static_module
> --with-http_image_filter_module --with-http_secure_link_module
> --with-http_sub_module --with-http_xslt_module
>
> Using this script:
> https://gist.github.com/leonklingele/a669803060fa92817f64
>
> nginx error log gives me these messages:
> 2015/03/09 17:00:11 [notice] 6484#0: signal process started
> 2015/03/09 17:00:15 [alert] 6486#0: *732628 ignoring stale global SSL
> error (SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
> should not call) while SSL handshaking, client: xxx.xxx.xxx.xxx, server:
> 0.0.0.0:443
> 2015/03/09 17:01:23 [notice] 6785#0: signal process started
> 2015/03/09 17:01:25 [alert] 6787#0: *733012 ignoring stale global SSL
> error (SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
> should not call) while SSL handshaking, client: xxx.xxx.xxx.xxx, server:
> 0.0.0.0:443
> 2015/03/09 17:05:27 [notice] 7479#0: signal process started
> 2015/03/09 17:05:35 [alert] 7481#0: *734270 ignoring stale global SSL
> error (SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you
> should not call) while SSL handshaking, client: xxx.xxx.xxx.xxx, server:
> 0.0.0.0:443
>
> RSA certificates work perfectly fine.
>
> I generated the ECDSA CSR (for Comodo) using:
> $ openssl ecparam -out private.key -name secp384r1 -genkey
> $ openssl req -new -key private.key -nodes -out request.csr
>
> Is this issue related to nginx or LibreSSL?
>
> Also see: http://forum.nginx.org/read.php?2,256381,256381#msg-256381
>
> Thanks for helping,
> Jonathan Müller
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150310/f26d0329/attachment.html>
More information about the nginx
mailing list