A note to myself and my clients more than anything else...
It seems that when you generate a key using a 1.x version of the openssl utility the blob looks like this:

    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7BZmHKzGwtQCAggA
    etc...
    T+CaOPXRod3cKwZEgp0vkM+gpsLw0C6WVEdV01ZrgUsJ2DceYXaenHCjfZ7jwy84
    LKk=
    -----END ENCRYPTED PRIVATE KEY-----

whereas when you generate a key in exactly the same way with an 0.9.8 version of the utility the blob looks like this:

    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,061B6446EB96A47B

    OFE9asOb689P0l6++Nwz0HYop4KdgKh6NFCzZV/kjp03VL2RW6beii2x70ikTLjs
    etc...
    Av0yRECeV+1ztYamAAYbniTeVsYaim07tBWadVFjYZqr+cOwDz/3ZPAn51/179j2
    -----END RSA PRIVATE KEY-----

I'm sure someone who understands this stuff more than I do will be able to tell exactly what this difference means, but in practice, it means that if your code is built against an 0.9.8 release of OpenSSL then it will fail to load the key blob if you use SSL_CTX_use_PrivateKey_file().
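A pre-deployment check for the difference described above, added here as an example and not part of the original note: it reads a key file's PEM label and reports the encryption scheme, taking it from the DEK-Info header for the traditional format and from the leading DER bytes for the PKCS#8 format. The function names are illustrative, and the samples are truncated to the first lines of the two blobs shown above.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
PBES2_OID = bytes.fromhex("2a864886f70d01050d")  # PKCS#5 id-PBES2, DER value bytes
# Truncated samples built from the first lines of the two blobs on this page.
PKCS8_SAMPLE = """-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7BZmHKzGwtQCAggA
-----END ENCRYPTED PRIVATE KEY-----"""
TRADITIONAL_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,061B6446EB96A47B

OFE9asOb689P0l6++Nwz0HYop4KdgKh6NFCzZV/kjp03VL2RW6beii2x70ikTLjs
-----END RSA PRIVATE KEY-----"""

def _tlv(buf, pos):
    """Return (tag, length, value offset) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, first, pos + 2
    n = first & 0x7F  # long form: the next n bytes hold the length
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def pkcs8_scheme(b64_body):
    """Name the scheme in an EncryptedPrivateKeyInfo; the first 48 bytes suffice."""
    b64 = "".join(b64_body.split())[:64]
    raw = base64.b64decode(b64[:len(b64) // 4 * 4])
    _, _, pos = _tlv(raw, 0)           # outer SEQUENCE
    _, _, pos = _tlv(raw, pos)         # encryptionAlgorithm SEQUENCE
    tag, length, pos = _tlv(raw, pos)  # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    oid = raw[pos:pos + length]
    return "PBES2" if oid == PBES2_OID else "OID " + oid.hex()

def classify_key(pem_text):
    """Return (PEM label, encryption scheme or None) for the first PEM block."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.groups()
    # The traditional format names its cipher in an RFC 1421-style header.
    dek = re.search(r"^DEK-Info: *([^,\s]+)", body, re.M)
    if dek:
        return label, dek.group(1)
    return label, pkcs8_scheme(body) if label == "ENCRYPTED PRIVATE KEY" else None
```

Run over the two samples, this reports the 1.x blob as a PKCS#8 container encrypted with PBES2 and the 0.9.8 blob as a traditional RSA container encrypted with DES-EDE3-CBC.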