
Error: SSL_CTX_use_certificate, reason: "ee key too small" #69

@jainvikas8

We have this setup on an x86 Ubuntu 20 LTS machine:
Container: OpenSSL + Parsec OpenSSL provider + parsec-tool
Host: Parsec service (1.4.1) with Mbed crypto provider

The ping from parsec-tool and openssl list -providers were working.
The certificates and Parsec keys were created within the container:

Dockerfile:

FROM rust:1.78.0-slim-bookworm

ARG PARSEC_TOOL_SRC_REF="561c4163030b6fbebdd489a9cf8d92a88b71d09a"

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update \
    && apt-get install --no-install-recommends --yes \
    clang \
    git \
    libssl-dev \
    openssl \
    pkg-config

RUN apt-get autoremove

WORKDIR /tmp

COPY openssl.cnf /tmp

RUN git clone --branch 0.1.0 https://github.com/parallaxsecond/parsec-openssl-provider.git && \
    cd parsec-openssl-provider/parsec-openssl-provider-shared && \
    cargo build

RUN git clone --branch main https://github.com/parallaxsecond/parsec-tool.git && \
    cd parsec-tool && \
    git checkout ${PARSEC_TOOL_SRC_REF} && \
    cargo install patch-crate --locked && \
    cargo patch-crate && \
    cargo build && \
    cp /tmp/parsec-tool/target/debug/parsec-tool /usr/bin/parsec-tool

ENV PARSEC_SERVICE_ENDPOINT="unix:/tmp/parsec.sock"

ENV OPENSSL_CONF="/tmp/openssl.cnf"

It inconsistently fails at 2 tests:

called `Result::unwrap()` on an `Err` value: ErrorStack([Error { code: 50331762, library: "digital envelope routines", function: "X509_PUBKEY_get0", reason: "decode error", file: "../crypto/x509/x_pubkey.c", line: 458 }, Error { code: 167772559, library: "SSL routines", function: "SSL_CTX_use_certificate", reason: "ee key too small", file: "../ssl/ssl_rsa.c", line: 221 }])

test test_client_with_mismatched_rsa_key_and_certificate ... FAILED
test test_handshake_client_authentication_rsa ... FAILED

when we run the parsec openssl provider e2e tests - cargo test --test "handshake"

Please find the attached log file:
parsec-openssl-provider.log
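
A note on reading the error stack in the report above: each `code` field is OpenSSL's packed library/reason number, and the Rust `openssl` crate's `ErrorStack` lists entries oldest first. The following is an added example, not code from the issue author or the Parsec project; it decodes the two entries assuming the OpenSSL 3.x error-code layout, and the names `unpack` and `parse_stack` are hypothetical.

```python
import re

# Error-code layout from OpenSSL 3.x include/openssl/err.h (assumed version)
ERR_SYSTEM_FLAG = 1 << 31      # set when the code wraps an errno value
ERR_LIB_OFFSET = 23
ERR_LIB_MASK = 0xFF
ERR_REASON_MASK = 0x7FFFFF

# Subset of ERR_LIB_* numbers, enough for this trace
LIB_NAMES = {6: "ERR_LIB_EVP", 11: "ERR_LIB_X509", 20: "ERR_LIB_SSL"}

# Error stack copied from the report above
TRACE = (
    'ErrorStack([Error { code: 50331762, library: "digital envelope routines", '
    'function: "X509_PUBKEY_get0", reason: "decode error", '
    'file: "../crypto/x509/x_pubkey.c", line: 458 }, '
    'Error { code: 167772559, library: "SSL routines", '
    'function: "SSL_CTX_use_certificate", reason: "ee key too small", '
    'file: "../ssl/ssl_rsa.c", line: 221 }])'
)

ENTRY = re.compile(
    r'Error \{ code: (\d+), library: "[^"]*", function: "([^"]*)", '
    r'reason: "([^"]*)", file: "([^"]*)", line: (\d+) \}'
)

def unpack(code):
    """Split a packed OpenSSL 3.x error code into (library, reason number)."""
    if code & ERR_SYSTEM_FLAG:
        return "system", code & ~ERR_SYSTEM_FLAG
    lib = (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK
    return LIB_NAMES.get(lib, f"lib {lib}"), code & ERR_REASON_MASK

def parse_stack(text):
    """Return one dict per stack entry, in the order the stack lists them."""
    entries = []
    for code, func, reason, path, line in ENTRY.findall(text):
        lib, reason_no = unpack(int(code))
        entries.append({"lib": lib, "reason_no": reason_no, "reason": reason,
                        "function": func, "where": f"{path}:{line}"})
    return entries

if __name__ == "__main__":
    for i, e in enumerate(parse_stack(TRACE)):
        print(f'{i}: {e["lib"]} reason {e["reason_no"]} ({e["reason"]}) '
              f'in {e["function"]} at {e["where"]}')
```

Entry 0 is the EVP decode error raised while reading the certificate's public key; entry 1 is the SSL-layer key-size rejection recorded after it.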
