Bug 631000 – rhel6 openssl creates PKCS#8 encoded PEM RSA private key files, nss can't read them

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 631000 - rhel6 openssl creates PKCS#8 encoded PEM RSA private key files, nss can't read them

Summary:	rhel6 openssl creates PKCS#8 encoded PEM RSA private key files, nss can't rea...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	nss (Show other bugs)
Sub Component:
Version:	6.0
Hardware:	All Linux

Priority	high Severity urgent
Target Milestone:	rc
Target Release:	6.1
Assigned To:	Elio Maldonado Batiz
QA Contact:	Aleš Mareček
Docs Contact:

URL:
Whiteboard:
Keywords:

Duplicates:	614531 630102 (view as bug list)
Depends On:	630102
Blocks:
	Show dependency tree / graph

Reported:	2010-09-07 11:16 EDT by Dennis Gilmore
Modified:	2016-08-22 16:40 EDT (History)
CC List:	8 users (show)

See Also:
Fixed In Version:	nss-3.12.9-1.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-05-19 10:03:31 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:0692	normal	SHIPPED_LIVE	nspr, nss, nss-softokn, and nss-util bug fix and enhancement update	2011-05-19 05:37:17 EDT

Groups: None (edit)

Description Dennis Gilmore 2010-09-07 11:16:28 EDT

Description of problem:

RHEL 6's openssl creates PKCS#8 encoded PEM RSA private key files.

nss can not read them,  it breaks using ssl cert auth with curl for instance.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. get ssl cert from FAS (Fedora Account System)
2. try and upload new sources to lookaside cache
3.
  
Actual results:
Fails with ssl error

Expected results:
sources to be uploaded

Additional info:

This has been fixed in Fedora

Comment 2 Elio Maldonado Batiz 2010-09-10 13:42:08 EDT

(In reply to comment #0) 
> This has been fixed in Fedora
Yes, and the associated Fedora bug was cloned for RHEL-6 as
https://bugzilla.redhat.com/show_bug.cgi?id=630102

Comment 3 Elio Maldonado Batiz 2010-10-14 17:23:40 EDT

*** Bug 614531 has been marked as a duplicate of this bug. ***

Comment 4 Elio Maldonado Batiz 2010-10-14 17:24:49 EDT

*** Bug 630102 has been marked as a duplicate of this bug. ***

Comment 14 errata-xmlrpc 2011-05-19 10:03:31 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0692.html

Comment 15 David Woodhouse 2016-08-22 16:40:13 EDT

Works for unencrypted PKCS#8 keys. Doesn't seem to work if they have a passphrase...

Note You need to log in before you can comment on or make changes to this bug.