LibreSSL: unknown certificate type with ED25519 #1705

Open
michaelortmann opened this issue Oct 19, 2024 · 0 comments
Comments

@michaelortmann (Member)

With LibreSSL 4.0.0 I get the following error in eggdrop 1.10.0:

$ LD_LIBRARY_PATH=/home/michael/opt/libressl-4.0.0/lib ./eggdrop -t BotA.conf

Eggdrop v1.10.0 (C) 1997 Robey Pointer (C) 1999-2024 Eggheads Development Team
--- Loading eggdrop v1.10.0 (Sat Oct 19 2024)
Module loaded: channels
Module loaded: server
Module loaded: ctcp
Module loaded: irc
Module loaded: transfer         (with lang support)
Module loaded: share
Module loaded: compress
Module loaded: filesys          (with lang support)
Module loaded: notes            (with lang support)
Module loaded: console          (with lang support)
Module loaded: uptime
Loading dccwhois.tcl...
Loaded dccwhois.tcl
Userinfo TCL v1.08 loaded (URL BF GF IRL EMAIL DOB PHONE ICQ YOUTUBE TWITCH).
use '.help userinfo' for commands.
Loaded quotepong.tcl
Listening for telnet connections on 0.0.0.0 port 3333 (all).
Listening for telnet connections on 0.0.0.0 port +3343 (all).
Listening for telnet connections on 0.0.0.0 port 4040 (all).
Module loaded: blowfish        
Module loaded: pbkdf2          
Writing channel file...
Userfile loaded, unpacking...
=== BotA: 0 channels, 22 users.
ERROR: TLS: unable to load own certificate from BotA.pem: error:14FFF0F7:SSL routines:(UNKNOWN)SSL_internal:unknown certificate type
* Unable to load TLS certificate (ssl-certificate config setting)!

With OpenSSL 3.3.2 it works just fine.

Keyinfo:

$ openssl x509 -in BotA.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:44:2c:3e:24:22:1f:55:45:6a:cd:4c:96:64:7c:83:75:a9:aa:12
        Signature Algorithm: ED25519
        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
        Validity
            Not Before: Oct 16 07:54:22 2024 GMT
            Not After : Oct 17 07:54:22 2027 GMT
        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
        Subject Public Key Info:
            Public Key Algorithm: ED25519
                ED25519 Public-Key:
                pub:
                    34:a4:e5:b1:06:4e:10:38:f9:ad:17:57:fb:3d:36:
                    91:5f:b9:9a:aa:48:28:86:fb:f1:bc:52:c7:51:4f:
                    b9:d9
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                10:A5:62:FE:2F:C1:0D:AC:3B:0A:42:04:2C:C0:1E:C4:E2:E8:E3:71
            X509v3 Authority Key Identifier: 
                10:A5:62:FE:2F:C1:0D:AC:3B:0A:42:04:2C:C0:1E:C4:E2:E8:E3:71
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: ED25519
    Signature Value:
        e6:bb:21:d3:8d:5f:b4:3a:b8:ae:5a:f3:64:89:36:f1:23:c0:
        31:4e:57:a0:08:f2:f1:a8:36:51:37:c2:bf:57:17:a2:ff:b8:
        d1:77:a2:c5:f9:70:92:16:e9:8f:1d:7c:90:24:37:00:db:c9:
        a1:b8:e6:95:0d:29:82:a9:4b:03

What exactly is the cause, and how can we enhance the error message for that case so the user can understand what the problem is? Maybe hint to create an RSA key or to use OpenSSL instead? Looks like LibreSSL 4.0.0 doesn't support ED25519 keys with TLS?!
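
The pre-flight check the report asks about, written here as an added example and not as eggdrop or LibreSSL code: a stdlib-only Python script that reads the algorithm OID out of the certificate's SubjectPublicKeyInfo before the PEM file is handed to the TLS library, so the user can be told "this is an Ed25519 certificate" instead of the bare "unknown certificate type" from the log above. The certificate bytes it runs on are constructed inline with a tiny DER encoder (empty names, dummy key and signature, nothing signed), not the BotA.pem from the report; the function names, the `KEY_ALGORITHMS` table and the wording of the diagnostic are assumptions of this example. It goes slightly beyond the report by also recognising Ed448, the other RFC 8410 key type.

```python
import base64
import sys

# OIDs (RFC 3279 / RFC 8410) that appear as SubjectPublicKeyInfo.algorithm in real certificates
KEY_ALGORITHMS = {
    "1.2.840.113549.1.1.1": "RSA",
    "1.2.840.10045.2.1": "EC",
    "1.3.101.112": "Ed25519",
    "1.3.101.113": "Ed448",
}
# raw DER content octets of two of those OIDs; only used to build the constructed samples below
OID_ED25519 = b"\x2b\x65\x70"
OID_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"


def oid_to_str(content):
    """Decode the content octets of a DER OBJECT IDENTIFIER into dotted form."""
    arcs = [content[0] // 40, content[0] % 40]
    value = 0
    for byte in content[1:]:                  # remaining arcs are base-128, high bit = continue
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def cert_public_key_algorithm(pem_text):
    """Return the dotted OID of SubjectPublicKeyInfo.algorithm for a PEM X.509 certificate."""
    body = "".join(l for l in pem_text.splitlines() if not l.startswith("-----"))
    tag, cert, _ = read_tlv(base64.b64decode(body), 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, tbs, _ = read_tlv(cert, 0)             # tbsCertificate
    pos = 0
    tag, _, nxt = read_tlv(tbs, 0)
    if tag == 0xA0:                           # optional [0] EXPLICIT version
        pos = nxt
    for _ in range(5):                        # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    _, spki, _ = read_tlv(tbs, pos)           # subjectPublicKeyInfo
    _, algid, _ = read_tlv(spki, 0)           # AlgorithmIdentifier
    tag, oid, _ = read_tlv(algid, 0)          # whose first element is the algorithm OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return oid_to_str(oid)


def explain_cert_load_failure(pem_text, library="the TLS library"):
    """Hypothetical hint to print after a failed certificate load; None when the key type is not the cause."""
    name = KEY_ALGORITHMS.get(cert_public_key_algorithm(pem_text))
    if name in ("Ed25519", "Ed448"):
        return (f"certificate uses an {name} key, which {library} rejected as 'unknown certificate type'; "
                "generate an RSA certificate instead, or build against OpenSSL")
    return None


def der(tag, content):
    """Minimal DER encoder (tag, definite length, content), enough for the constructed sample."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def build_sample_cert(key_oid):
    """Constructed X.509 skeleton with empty names, a dummy key and an unsigned signature field."""
    def seq(*parts):
        return der(0x30, b"".join(parts))
    alg = seq(der(0x06, key_oid))             # AlgorithmIdentifier without parameters
    name = seq()                              # empty RDNSequence keeps the sample short
    validity = seq(der(0x17, b"241016075422Z"), der(0x17, b"271017075422Z"))
    spki = seq(alg, der(0x03, b"\x00" + b"\x34" * 32))
    tbs = seq(der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), alg, name, validity, name, spki)
    cert = seq(tbs, alg, der(0x03, b"\x00" + b"\x00" * 64))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert).decode() + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else build_sample_cert(OID_ED25519)
    print(explain_cert_load_failure(pem, "LibreSSL") or "key type is RSA/EC; the load failure has another cause")
```

Run it with a real PEM path as the only argument, or with no argument to see the message for the constructed Ed25519 sample. The parser deliberately reads only the first OID of the AlgorithmIdentifier, so it works unchanged for RSA (NULL parameters) and EC (curve OID parameter) keys; anything it cannot map stays a dotted OID in the diagnostic rather than being guessed at.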
