[RPL/2] Error in SSL when trying to compile RPL/2 v4.0.19

Jonathan Busby jonathanbusby at gmail.com
Sun 17 Oct 22:32:00 CEST 2010


My main system is down so I am trying to compile RPL/2 on my netbook, which
runs Linux Mint 9 Isadora KDE 64-bit. After installing the dependencies,
doing a ./configure --prefix=/usr/local/rpl2 and finally a make -j 3, it
seemed to compile without error until it got into the SSL tests.

Specifically, I got the following errors:

error using 'x509' to sign a user certificate request

error 40 at 0 depth lookup:proxy certificates not allowed, please set the
appropriate flag

seen here in context:

Generate and certify a test certificate

make a certificate request using 'req'
rsa
des-ede3 base64
Generating a 512 bit RSA private key
certP1.ss: C = AU, O = Dodgy Brothers, CN = Brother 1, CN = Brother 2, CN =
Proxy 1
error 40 at 0 depth lookup:proxy certificates not allowed, please set the
appropriate flag
.....+++++
Certificate details
+++++++
........++++++++++++
writing new private key to 'keyCA.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA

convert the certificate request into a self signed certificate using 'x509'
subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
notBefore=Oct 16 20:37:42 2010 GMT
notAfter=Nov 15 20:37:42 2010 GMT
des-ede3-cbc

make another proxy certificate request using 'req'
Generating a 512 bit RSA private key
...++++++++++++
..++++++++++++
writing new private key to 'keyP2.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
Common Name (eg, YOUR name) []:Proxy 1
Common Name (eg, YOUR name) []:Proxy 2

sign second proxy certificate request with the first proxy certificate via
'x509'
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key

convert a certificate into a certificate request using 'x509'
Getting request Private Key
Generating certificate request
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy
2
Getting CA Private Key
des-ede3-cbc base64
verify OK
certP2.ss: C = AU, O = Dodgy Brothers, CN = Brother 1, CN = Brother 2
error 20 at 2 depth lookup:unable to get local issuer certificate

Certificate details
verify OK
certCA.ss: OK

make a user certificate request using 'req'
des-ede3-cfb
subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy
1/CN=Proxy 2
issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
notBefore=Oct 16 20:37:42 2010 GMT
notAfter=Nov 15 20:37:42 2010 GMT

The generated CA certificate is certCA.ss
The generated CA private key is keyCA.ss
The generated user certificate is certU.ss
The generated user private key is keyU.ss
The first generated proxy certificate is certP1.ss
The first generated proxy private key is keyP1.ss
The second generated proxy certificate is certP2.ss
The second generated proxy private key is keyP2.ss
Generating a 512 bit RSA private key
..Generate and certify a test certificate
.
make a certificate request using 'req'
.....++++++++++++
.........rsa
..des-ede3-cfb base64
......................++++++++++++
writing new private key to 'keyU.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
Generating a 512 bit RSA private key
.++++++des-ede3-ofb
++++++
..............++++++++++++
writing new private key to 'keyCA.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Dodgy CA

convert the certificate request into a self signed certificate using 'x509'

sign user certificate request with the just created CA via 'x509'
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key
unable to load certificate
47997535751944:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:698:Expecting: TRUSTED CERTIFICATE
des-ede3-ofb base64
error using 'x509' to sign a user certificate request
make[3]: *** [certP1.ss] Error 1
make[3]: *** Waiting for unfinished jobs....

convert a certificate into a certificate request using 'x509'
Getting request Private Key
Generating certificate request
des-ofb
verify OK
verify OK
des-ofb base64
certCA.ss: OK

make a user certificate request using 'req'
Generating a 512 bit RSA private key
des3
..................................++++++++++++
.++++++++++++
writing new private key to 'keyU.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2

sign user certificate request with the just created CA via 'x509'
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
Getting CA Private Key
des3 base64
certU.ss: OK

Certificate details
subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
issuer= /C=AU/O=Dodgy Brothers/CN=Dodgy CA
notBefore=Oct 16 20:37:43 2010 GMT
notAfter=Nov 15 20:37:43 2010 GMT

make a proxy certificate request using 'req'
desx
Generating a 512 bit RSA private key
...++++++++++++
....++++++++++++
writing new private key to 'keyP1.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
Common Name (eg, YOUR name) []:Proxy 1

sign proxy certificate request with the just created user certificate via
'x509'
desx base64
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
Getting CA Private Key
certP1.ss: C = AU, O = Dodgy Brothers, CN = Brother 1, CN = Brother 2, CN =
Proxy 1
error 40 at 0 depth lookup:proxy certificates not allowed, please set the
appropriate flag

Certificate details
subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
notBefore=Oct 16 20:37:43 2010 GMT
notAfter=Nov 15 20:37:43 2010 GMT

make another proxy certificate request using 'req'
idea
Generating a 512 bit RSA private key
..idea base64
.....++++++++++++
.....++++++++++++
writing new private key to 'keyP2.ss'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
Organization Name (eg, company) []:Dodgy Brothers
Common Name (eg, YOUR name) []:Brother 1
Common Name (eg, YOUR name) []:Brother 2
Common Name (eg, YOUR name) []:Proxy 1
Common Name (eg, YOUR name) []:Proxy 2

sign second proxy certificate request with the first proxy certificate via
'x509'
idea-cbc
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1/CN=Proxy
2
Getting CA Private Key
certP2.ss: C = AU, O = Dodgy Brothers, CN = Brother 1, CN = Brother 2, CN =
Proxy 1, CN = Proxy 2
error 40 at 0 depth lookup:proxy certificates not allowed, please set the
appropriate flag

Certificate details
subject= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy
1/CN=Proxy 2
issuer= /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2/CN=Proxy 1
notBefore=Oct 16 20:37:43 2010 GMT
notAfter=Nov 15 20:37:43 2010 GMT

The generated CA certificate is certCA.ss
The generated CA private key is keyCA.ss
The generated user certificate is certU.ss
The generated user private key is keyU.ss
The first generated proxy certificate is certP1.ss
The first generated proxy private key is keyP1.ss
The second generated proxy certificate is certP2.ss
The second generated proxy private key is keyP2.ss
idea-cbc base64
idea-cfb
idea-cfb base64
idea-ecb
idea-ecb base64
idea-ofb
idea-ofb base64
rc2
rc2 base64
rc2-40-cbc
rc2-40-cbc base64
rc2-64-cbc
rc2-64-cbc base64
rc2-cbc
rc2-cbc base64
rc2-cfb
rc2-cfb base64
rc2-ecb
rc2-ecb base64
rc2-ofb
rc2-ofb base64
rc4
rc4 base64
rc4-40
rc4-40 base64
seed
seed base64
seed-cbc
seed-cbc base64
seed-cfb
seed-cfb base64
seed-ecb
seed-ecb base64
seed-ofb
seed-ofb base64
make[3]: Leaving directory `/home/jdb2/rpl-4.0.19/tools/openssl-1.0.0a/test'
make[2]: *** [tests] Error 2
make[2]: Leaving directory `/home/jdb2/rpl-4.0.19/tools/openssl-1.0.0a'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/jdb2/rpl-4.0.19/tools'
make: *** [all] Error 2

Could someone tell me what is going on?

Any help is appreciated.

Thanks,

Jonathan