
Server not recognizing public key algorithm. #639

Open
anhu opened this issue Feb 12, 2025 · 5 comments
Labels
bug Something isn't working

Comments

@anhu

anhu commented Feb 12, 2025

I'm at commit afc1de2 (HEAD -> main, origin/main, origin/HEAD)
I did fullbuild.sh.

I generated a certificate chain. Some relevant command and snipped output:

$ openssl x509  -provider-path /path/to/oqs-provider/_build/lib -provider oqsprovider -in mldsa44_entity_cert.pem -noout -text
...
        Subject Public Key Info:
            Public Key Algorithm: mldsa44
                mldsa44 public key:
                PQ key material:
                    7e:87:7f:a7:ae:3b:26:05:29:5b:28:6a:db:52:d8:
...

So we know this is an mldsa44 public key in the certificate. I then run the following command and get the error as shown below:

$ openssl s_server  -provider-path /path/to/oqs-provider/_build/lib -provider oqsprovider -port 11111 -cert mldsa44_entity_cert.pem -key mldsa44_entity_key.pem
Using default temp DH parameters
error setting certificate
801B7753797A0000:error:0A0000F7:SSL routines:ssl_set_cert:unknown certificate type:../ssl/ssl_rsa.c:239:

Version of OpenSSL might be relevant:

$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Am I missing something on the s_server command line?

Warm regards, Anthony

@anhu anhu added the bug Something isn't working label Feb 12, 2025
@SWilson4
Member

SWilson4 commented Feb 12, 2025

Hi @anhu! I believe you need to upgrade OpenSSL to at least 3.2 in order to use post-quantum signatures. Please let me know if that solves the problem for you.

@anhu
Author

anhu commented Feb 12, 2025

OH, interesting. I suppose that is because of the signature support for providers. Thank you.

@anhu
Author

anhu commented Feb 12, 2025

Good news!!

$ OPENSSL_BRANCH=openssl-3.2.4  scripts/fullbuild.sh
...
$ .local/bin/openssl s_server -provider-path _build/lib/   -provider oqsprovider -provider default -port 11111 -cert mldsa44_entity_cert.pem -key mldsa44_entity_key.pem
Using default temp DH parameters
ACCEPT

Thanks for letting me know.
Warm regards, Anthony

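A preflight check for the two things this thread turned on: the OpenSSL version (3.2 minimum, as SWilson4 states above) and the public key algorithm actually in the certificate. This is an added example, not code from the thread or from oqs-provider; it assumes `openssl` is on PATH and that the provider path is the `_build/lib` produced by fullbuild.sh.

```shell
#!/bin/sh
# Added example: preflight checks before pointing s_server at a PQ certificate.
# The "at least 3.2" threshold is the maintainer's statement in this thread.

# Reduce `openssl version` output to "major.minor".
openssl_major_minor() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9]*\)\.\([0-9]*\)\..*/\1.\2/p'
}

# Return 0 when the version string is OpenSSL 3.2 or newer, 1 otherwise.
openssl_supports_pq_sigs() {
    mm=$(openssl_major_minor "$1")
    [ -n "$mm" ] || return 1
    major=${mm%%.*}
    minor=${mm#*.}
    if [ "$major" -gt 3 ]; then return 0; fi
    if [ "$major" -eq 3 ] && [ "$minor" -ge 2 ]; then return 0; fi
    return 1
}

# Pull the "Public Key Algorithm:" value out of `openssl x509 -noout -text` output.
cert_pubkey_alg() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Public Key Algorithm: \(.*\)$/\1/p' | head -n 1
}

# Full check against the local toolchain: $1 = certificate, $2 = provider path
# (e.g. _build/lib from fullbuild.sh). Assumes `openssl` is on PATH.
# Loads the default provider alongside oqsprovider, as the working command in
# this thread does.
preflight() {
    ver=$(openssl version) || return 1
    if ! openssl_supports_pq_sigs "$ver"; then
        echo "have '$ver'; PQ signature certificates need OpenSSL >= 3.2" >&2
        return 1
    fi
    text=$(openssl x509 -provider-path "$2" -provider oqsprovider -provider default \
           -in "$1" -noout -text) || return 1
    echo "public key algorithm in $1: $(cert_pubkey_alg "$text")"
}
```

Run `preflight mldsa44_entity_cert.pem _build/lib` before s_server; a non-zero exit with the version message is the same condition that produced "unknown certificate type" above.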
@anhu anhu closed this as completed Feb 12, 2025
@anhu anhu reopened this Feb 20, 2025
@anhu
Author

anhu commented Feb 20, 2025

@SWilson4 ,

I'm now at 1246c33.
$ OPENSSL_BRANCH=openssl-3.2.4 scripts/fullbuild.sh no longer builds OpenSSL

$ git clean -xdf
$ OPENSSL_BRANCH=openssl-3.2.4  scripts/fullbuild.sh
...
$ ls .local/bin/
ls: cannot access '.local/bin/': No such file or directory

@SWilson4
Member

@anhu It works for me in a fresh Ubuntu 24 Docker container. Did the script complete successfully?
