|
This is a bug introduced in changes for OpenSSL 1.0.2g (PTFs SI59896 and
SI59895).
The problem occurs when OpenSSL prompts for a response, in this case
asking for the password. As a workaround you can use the -passin
parameter:
PASS PHRASE ARGUMENTS
Several commands accept password arguments, typically using -passin
and -passout for input and output passwords respectively. These allow the
password to be obtained
from a variety of sources. Both of these options take a single
argument whose format is described below. If no password argument is given
and a password is required
then the user is prompted to enter one: this will typically be read
from the current terminal with echoing turned off.
pass:password
the actual password is password. Since the password is
visible to utilities (like 'ps' under Unix) this form should only be used
where security is not
important.
env:var obtain the password from the environment variable var.
Since the environment of other processes is visible on certain platforms
(e.g. ps under certain Unix
OSes) this option should be used with caution.
file:pathname
the first line of pathname is the password. If the same
pathname argument is supplied to -passin and -passout arguments then the
first line will be used for
the input password and the next line for the output
password. pathname need not refer to a regular file: it could for example
refer to a device or named
pipe.
fd:number read the password from the file descriptor number. This
can be used to send the data via a pipe for example.
stdin read the password from standard input.
For example:
openssl pkcs12 -in "mycert.pfx" -clcerts -nokeys -out mycert.cer -passin
pass:mypassword
openssl pkcs12 -in "mycert.pfx" -nocerts -nodes -out mycert.key -passin
pass:mypassword
Another customer ran in to this and has opened a PMR and a fix is being
worked on. You can open a PMR if you like or use the workaround in the
meantime.
"MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx> wrote on 04/15/2016
03:24:12 PM:
From: Matt Lavinder <mlavinder@xxxxxxxxxxxxxxxxxxx>Typically, I
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 04/15/2016 03:25 PM
Subject: OpenSSL segmentation fault
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
I have an an OpenSSL command I use to extract the components of a pfx
file. More or less, the commands I use are:
openssl pkcs12 -in "mycert.pfx" -clcerts -nokeys -out mycert.cer
openssl pkcs12 -in "mycert.pfx" -nocerts -nodes -out mycert.key
I have to do this process when we renew our SSL certificate.
run these from a PASE terminal (QP2TERM) without issue; however, thisyear,
I am getting a segmentation fault and core dump.it
I was able to use openssl inside of cygwin to complete this process, but
bothers me that something that used to work is not working. I was ableto
run a few other openssl commands without issue, so it is not entirelyme
broken.
I am not sure where openssl falls. Is this something IBM would assist
with? Any ideas on what might cause this?be
I noticed my openssl version is 1.0.2g and shows a date of "1 Mar 2016".
Cygwin is using the same version and works fine, but I suppose it could
PASE or AIX related. If someone else wants to test the above out, thatrunning
might be helpful. At least I would know if it is just me. We are
IBM i 7.1.list
--
*Matt Lavinder *
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxquestions.
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
