FAQ
I'm trying to parse a public/private key pair, but I get this error:

2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

Any idea? my system is Ubuntu 12.10 64b

http://play.golang.org/p/4EZCrtQLP8

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Péter Szilágyi at Mar 31, 2013 at 11:06 pm
    Hi,

    It would help if you provided the actual file contents too (the cert and
    key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/4EZCrtQLP8

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Archos at Apr 1, 2013 at 6:26 am
    The key is the private part of the certificate so it should not go out of
    the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/certs/ssl-cert-snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-snakeoil.key
    unable to load certificate
    140652157666976:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the cert and
    key). On my system your code runs ok.

    Cheers,
    Peter


    On Mon, Apr 1, 2013 at 12:49 AM, Archos <raul...@sent.com <javascript:>>wrote:
    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/4EZCrtQLP8

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts...@googlegroups.com <javascript:>.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • David Anderson at Apr 1, 2013 at 6:41 am
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest running
    memtest on your system in case you have bad ram (random file corruption is
    a common symptom), or looking in dmesg for hard drive errors (symptom of a
    bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as well as
    debian stable. Go's stdlib can parse certs and keys from all those systems
    just fine.

    - Dave

    On Sun, Mar 31, 2013 at 11:26 PM, Archos wrote:

    The key is the private part of the certificate so it should not go out of
    the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/certs/ssl-cert-snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-snakeoil.key
    unable to load certificate
    140652157666976:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the cert
    and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCrtQLP8<http://play.golang.org/p/4EZCrtQLP8>


    --
    You received this message because you are subscribed to the Google
    Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to golang-nuts...@**googlegroups.com.

    For more options, visit https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out>
    .

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Archos at Apr 1, 2013 at 7:03 am
    1. I generated a new pair cert+key:

    # make-ssl-cert generate-default-snakeoil --force-overwrite

    # openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/certs/ssl-cert-snakeoil.pem: CN = fenix
    error 18 at 0 depth lookup:self signed certificate
    OK

    # openssl verify /etc/ssl/private/ssl-cert-snakeoil.key
    unable to load certificate
    140173049370272:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    2. I deleted, and I re-installed ssl-cert:

    # rm /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/private/ssl-cert-snakeoil.key
    # apt-get install --reinstall ssl-cert

    But I get the same error than in point 1.

    I'm going to running memtest, although my RAM is of Kignston

    El lunes, 1 de abril de 2013 07:41:31 UTC+1, David Anderson escribió:
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest running
    memtest on your system in case you have bad ram (random file corruption is
    a common symptom), or looking in dmesg for hard drive errors (symptom of a
    bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as well
    as debian stable. Go's stdlib can parse certs and keys from all those
    systems just fine.

    - Dave


    On Sun, Mar 31, 2013 at 11:26 PM, Archos <raul...@sent.com <javascript:>>wrote:
    The key is the private part of the certificate so it should not go out of
    the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/certs/ssl-cert-snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-snakeoil.key
    unable to load certificate
    140652157666976:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the cert
    and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCrtQLP8<http://play.golang.org/p/4EZCrtQLP8>


    --
    You received this message because you are subscribed to the Google
    Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to golang-nuts...@**googlegroups.com.

    For more options, visit https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out>
    .

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts...@googlegroups.com <javascript:>.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • David Anderson at Apr 1, 2013 at 7:20 am
    I recently RMA'd Kingston ram for many deterministic memory errors
    (detected by memtest). I've learned that you should never trust your ram if
    it's not ECC (and even then, run memtest on it and check for a high level
    of corrected errors).

    In the end, I swapped my motherboard for one that supports ECC, and use
    only ECC ram in machines that I care about (file servers and such). Non-ECC
    ram is fine for gaming and browsing the internet, but for any serious use,
    I no longer trust it.

    - Dave

    On Mon, Apr 1, 2013 at 12:03 AM, Archos wrote:

    1. I generated a new pair cert+key:

    # make-ssl-cert generate-default-snakeoil --force-overwrite

    # openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/certs/ssl-cert-snakeoil.pem: CN = fenix
    error 18 at 0 depth lookup:self signed certificate

    OK

    # openssl verify /etc/ssl/private/ssl-cert-snakeoil.key
    unable to load certificate
    140173049370272:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    2. I deleted, and I re-installed ssl-cert:

    # rm /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/private/ssl-cert-snakeoil.key
    # apt-get install --reinstall ssl-cert

    But I get the same error than in point 1.

    I'm going to running memtest, although my RAM is of Kignston

    El lunes, 1 de abril de 2013 07:41:31 UTC+1, David Anderson escribió:
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest running
    memtest on your system in case you have bad ram (random file corruption is
    a common symptom), or looking in dmesg for hard drive errors (symptom of a
    bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as well
    as debian stable. Go's stdlib can parse certs and keys from all those
    systems just fine.

    - Dave

    On Sun, Mar 31, 2013 at 11:26 PM, Archos wrote:

    The key is the private part of the certificate so it should not go out
    of the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-**snakeoil.pem
    /etc/ssl/certs/ssl-cert-**snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-**snakeoil.key
    unable to load certificate
    140652157666976:error:**0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the cert
    and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCr**tQLP8<http://play.golang.org/p/4EZCrtQLP8>


    --
    You received this message because you are subscribed to the Google
    Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to golang-nuts...@**googlegroups.**com.

    For more options, visit https://groups.google.com/**grou**ps/opt_out<https://groups.google.com/groups/opt_out>
    .

    --
    You received this message because you are subscribed to the Google
    Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to golang-nuts...@**googlegroups.com.
    For more options, visit https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out>
    .

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Archos at Apr 1, 2013 at 3:24 pm
    Thanks for to try help and for the information.
    Although the issue has been solved at installing tip version, the first
    time I'll buy a motherboard with ECC support if it is not too expensive.


    El lunes, 1 de abril de 2013 08:19:40 UTC+1, David Anderson escribió:
    I recently RMA'd Kingston ram for many deterministic memory errors
    (detected by memtest). I've learned that you should never trust your ram if
    it's not ECC (and even then, run memtest on it and check for a high level
    of corrected errors).

    In the end, I swapped my motherboard for one that supports ECC, and use
    only ECC ram in machines that I care about (file servers and such). Non-ECC
    ram is fine for gaming and browsing the internet, but for any serious use,
    I no longer trust it.

    - Dave


    On Mon, Apr 1, 2013 at 12:03 AM, Archos <raul...@sent.com <javascript:>>wrote:
    1. I generated a new pair cert+key:

    # make-ssl-cert generate-default-snakeoil --force-overwrite

    # openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/certs/ssl-cert-snakeoil.pem: CN = fenix
    error 18 at 0 depth lookup:self signed certificate

    OK

    # openssl verify /etc/ssl/private/ssl-cert-snakeoil.key
    unable to load certificate
    140173049370272:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    2. I deleted, and I re-installed ssl-cert:

    # rm /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/private/ssl-cert-snakeoil.key
    # apt-get install --reinstall ssl-cert

    But I get the same error than in point 1.

    I'm going to running memtest, although my RAM is of Kignston

    El lunes, 1 de abril de 2013 07:41:31 UTC+1, David Anderson escribió:
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest running
    memtest on your system in case you have bad ram (random file corruption is
    a common symptom), or looking in dmesg for hard drive errors (symptom of a
    bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as well
    as debian stable. Go's stdlib can parse certs and keys from all those
    systems just fine.

    - Dave

    On Sun, Mar 31, 2013 at 11:26 PM, Archos wrote:

    The key is the private part of the certificate so it should not go out
    of the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-**snakeoil.pem
    /etc/ssl/certs/ssl-cert-**snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-**snakeoil.key
    unable to load certificate
    140652157666976:error:**0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the cert
    and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCr**tQLP8<http://play.golang.org/p/4EZCrtQLP8>


    --
    You received this message because you are subscribed to the Google
    Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it,
    send an email to golang-nuts...@**googlegroups.**com.

    For more options, visit https://groups.google.com/**grou**ps/opt_out<https://groups.google.com/groups/opt_out>
    .

    --
    You received this message because you are subscribed to the Google
    Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to golang-nuts...@**googlegroups.com.
    For more options, visit https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out>
    .

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts...@googlegroups.com <javascript:>.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Archos at Apr 1, 2013 at 8:03 am
    My RAM memory is ok.It tools about 20 min. to checking a module of 4GB DDR3.

    But looking at dmesg, I founf several errors like:

    [ 5.243863] mtrr: type mismatch for e0000000,400000 old: write-back new:
    write-combining

    Could it be the problem?

    By the way, I didn't find any error related to hard disk: `dmesg |grep sd
    less`
    El lunes, 1 de abril de 2013 08:03:26 UTC+1, Archos escribió:
    I'm going to running memtest, although my RAM is of Kignston

    El lunes, 1 de abril de 2013 07:41:31 UTC+1, David Anderson escribió:
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest running
    memtest on your system in case you have bad ram (random file corruption is
    a common symptom), or looking in dmesg for hard drive errors (symptom of a
    bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as well
    as debian stable. Go's stdlib can parse certs and keys from all those
    systems just fine.

    - Dave

    On Sun, Mar 31, 2013 at 11:26 PM, Archos wrote:

    The key is the private part of the certificate so it should not go out
    of the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem
    /etc/ssl/certs/ssl-cert-snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-snakeoil.key
    unable to load certificate
    140652157666976:error:0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the cert
    and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCrtQLP8<http://play.golang.org/p/4EZCrtQLP8>
    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • David Anderson at Apr 1, 2013 at 8:30 am

    On Mon, Apr 1, 2013 at 1:02 AM, Archos wrote:

    My RAM memory is ok.It tools about 20 min. to checking a module of 4GB
    DDR3.
    That sounds good, but for reference, my bad ram chip took 1.5hrs of memtest
    to reveal an error. That error was deterministic, every time memtest tested
    that ram chip, there was an error.

    But looking at dmesg, I founf several errors like:

    [ 5.243863] mtrr: type mismatch for e0000000,400000 old: write-back
    new: write-combining

    Could it be the problem?
    I don't know, but a bit of searching on Google says that you could try
    upgrading your kernel, because MTRR errors are common on older kernels
    (missing definitions for modern cpus, or problems with old video drivers).

    However, the problems that people on Google have aren't related to problems
    generating SSL certs.

    How long ago did you install your Ubuntu system? I just tried a 12.04
    system, and I had no problem with SSL keys. So, if you don't find a ram
    problem, my next theory is either a bad hard drive, or a corrupted Ubuntu
    installation. Generating invalid SSL keys is a very strange problem :/.

    - Dave

    By the way, I didn't find any error related to hard disk: `dmesg |grep sd
    less`
    El lunes, 1 de abril de 2013 08:03:26 UTC+1, Archos escribió:

    I'm going to running memtest, although my RAM is of Kignston
    El lunes, 1 de abril de 2013 07:41:31 UTC+1, David Anderson escribió:
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest running
    memtest on your system in case you have bad ram (random file corruption is
    a common symptom), or looking in dmesg for hard drive errors (symptom of a
    bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as well
    as debian stable. Go's stdlib can parse certs and keys from all those
    systems just fine.

    - Dave

    On Sun, Mar 31, 2013 at 11:26 PM, Archos wrote:

    The key is the private part of the certificate so it should not go out
    of the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-**snakeoil.pem
    /etc/ssl/certs/ssl-cert-**snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-**snakeoil.key
    unable to load certificate
    140652157666976:error:**0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the cert
    and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCr**tQLP8<http://play.golang.org/p/4EZCrtQLP8>

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Archos at Apr 1, 2013 at 10:08 am
    My kernel is not old, I have 3.5.0-26-generic. So the MTRR errors could be
    due to the bios.

    And to discard that it's an error related to my system installed, I
    installed Ubuntu server 12.04 64 bits under VirtualBox, and after of
    install `ssl-cer`, I verified the key file getting with the same failure.

    El lunes, 1 de abril de 2013 09:30:05 UTC+1, David Anderson escribió:
    On Mon, Apr 1, 2013 at 1:02 AM, Archos <raul...@sent.com <javascript:>>wrote:
    My RAM memory is ok.It tools about 20 min. to checking a module of 4GB
    DDR3.
    That sounds good, but for reference, my bad ram chip took 1.5hrs of
    memtest to reveal an error. That error was deterministic, every time
    memtest tested that ram chip, there was an error.

    But looking at dmesg, I founf several errors like:

    [ 5.243863] mtrr: type mismatch for e0000000,400000 old: write-back
    new: write-combining

    Could it be the problem?
    I don't know, but a bit of searching on Google says that you could try
    upgrading your kernel, because MTRR errors are common on older kernels
    (missing definitions for modern cpus, or problems with old video drivers).

    However, the problems that people on Google have aren't related to
    problems generating SSL certs.

    How long ago did you install your Ubuntu system? I just tried a 12.04
    system, and I had no problem with SSL keys. So, if you don't find a ram
    problem, my next theory is either a bad hard drive, or a corrupted Ubuntu
    installation. Generating invalid SSL keys is a very strange problem :/.

    - Dave

    By the way, I didn't find any error related to hard disk: `dmesg |grep sd
    less`
    El lunes, 1 de abril de 2013 08:03:26 UTC+1, Archos escribió:

    I'm going to running memtest, although my RAM is of Kignston
    El lunes, 1 de abril de 2013 07:41:31 UTC+1, David Anderson escribió:
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest running
    memtest on your system in case you have bad ram (random file corruption is
    a common symptom), or looking in dmesg for hard drive errors (symptom of a
    bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as
    well as debian stable. Go's stdlib can parse certs and keys from all those
    systems just fine.

    - Dave

    On Sun, Mar 31, 2013 at 11:26 PM, Archos wrote:

    The key is the private part of the certificate so it should not go out
    of the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-**snakeoil.pem
    /etc/ssl/certs/ssl-cert-**snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-**snakeoil.key
    unable to load certificate
    140652157666976:error:**0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the
    cert and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCr**tQLP8<http://play.golang.org/p/4EZCrtQLP8>

    --
    You received this message because you are subscribed to the Google Groups
    "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to golang-nuts...@googlegroups.com <javascript:>.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Archos at Apr 1, 2013 at 11:13 am
    This is one of the last things to checking. Does anybody could test this
    private key in your system?

    http://pastebin.com/m0s3eHY9

    + openssl verify cert-test.key

    El lunes, 1 de abril de 2013 11:08:21 UTC+1, Archos escribió:
    My kernel is not old, I have 3.5.0-26-generic. So the MTRR errors could be
    due to the bios.

    And to discard that it's an error related to my system installed, I
    installed Ubuntu server 12.04 64 bits under VirtualBox, and after of
    install `ssl-cer`, I verified the key file getting with the same failure.

    El lunes, 1 de abril de 2013 09:30:05 UTC+1, David Anderson escribió:
    On Mon, Apr 1, 2013 at 1:02 AM, Archos wrote:

    My RAM memory is ok.It tools about 20 min. to checking a module of 4GB
    DDR3.
    That sounds good, but for reference, my bad ram chip took 1.5hrs of
    memtest to reveal an error. That error was deterministic, every time
    memtest tested that ram chip, there was an error.

    But looking at dmesg, I founf several errors like:

    [ 5.243863] mtrr: type mismatch for e0000000,400000 old: write-back
    new: write-combining

    Could it be the problem?
    I don't know, but a bit of searching on Google says that you could try
    upgrading your kernel, because MTRR errors are common on older kernels
    (missing definitions for modern cpus, or problems with old video drivers).

    However, the problems that people on Google have aren't related to
    problems generating SSL certs.

    How long ago did you install your Ubuntu system? I just tried a 12.04
    system, and I had no problem with SSL keys. So, if you don't find a ram
    problem, my next theory is either a bad hard drive, or a corrupted Ubuntu
    installation. Generating invalid SSL keys is a very strange problem :/.

    - Dave

    By the way, I didn't find any error related to hard disk: `dmesg |grep
    sd |less`

    El lunes, 1 de abril de 2013 08:03:26 UTC+1, Archos escribió:

    I'm going to running memtest, although my RAM is of Kignston
    El lunes, 1 de abril de 2013 07:41:31 UTC+1, David Anderson escribió:
    Looks like your private key is corrupted. Try regenerating the certs
    (delete them, then dpkg-reconfigure some package... maybe 'openssl' ? Or
    just use `openssl` to generate a new cert+key).

    If regenerating still outputs an invalid private key, I suggest
    running memtest on your system in case you have bad ram (random file
    corruption is a common symptom), or looking in dmesg for hard drive errors
    (symptom of a bad disk).

    For reference, I've done SSL key parsing on ubuntu 12.04, 12.10, as
    well as debian stable. Go's stdlib can parse certs and keys from all those
    systems just fine.

    - Dave

    On Sun, Mar 31, 2013 at 11:26 PM, Archos wrote:

    The key is the private part of the certificate so it should not go
    out of the system.
    But, I've done some checks:

    # openssl verify /etc/ssl/certs/ssl-cert-**snakeoil.pem
    /etc/ssl/certs/ssl-cert-**snakeoil.pem: OK

    # openssl verify /etc/ssl/private/ssl-cert-**snakeoil.key
    unable to load certificate
    140652157666976:error:**0906D06C:PEM routines:PEM_read_bio:no start
    line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE

    There is the issue.

    My system is Ubuntu 12.10 64 bits with

    # openssl version
    OpenSSL 1.0.1c 10 May 2012

    Any other people with that problem in that system?

    El lunes, 1 de abril de 2013 00:06:53 UTC+1, Péter Szilágyi escribió:
    Hi,

    It would help if you provided the actual file contents too (the
    cert and key). On my system your code runs ok.

    Cheers,
    Peter

    On Mon, Apr 1, 2013 at 12:49 AM, Archos wrote:

    I'm trying to parse a public/private key pair, but I get this
    error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/**4EZCr**tQLP8<http://play.golang.org/p/4EZCrtQLP8>

    --
    You received this message because you are subscribed to the Google
    Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to golang-nuts...@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Archos at Apr 1, 2013 at 3:20 pm
    Solved! Thanks to the help of Lucio De Re.

    To start, `openssl verify` is to ckecking only the public key, not for the
    private key. Into a system like NetBSD, it is said clearly.

    + Check public key of certificate:

    $ openssl verify /etc/ssl/certs/ssl-cert-snakeoil.pem

    + Check private key of certificate:

    # openssl rsa -noout -text -in /etc/ssl/private/ssl-cert-snakeoil.key

    I was using version devel +2a4a89b1f36b. I checked if there were any
    problem in the library:

    $ cd $GOROOT/src/pkg/crypto/tls
    $ go test -i
    $ go test

    The tests were ok. Anyway, I updated to tip version and the problem has
    been solved.

    El domingo, 31 de marzo de 2013 23:49:01 UTC+1, Archos escribió:
    I'm trying to parse a public/private key pair, but I get this error:

    2013/03/31 23:40:56 crypto/tls: failed to parse key PEM data

    Any idea? my system is Ubuntu 12.10 64b

    http://play.golang.org/p/4EZCrtQLP8
    --
    You received this message because you are subscribed to the Google Groups "golang-nuts" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-nuts @
categoriesgo
postedMar 31, '13 at 10:49p
activeApr 1, '13 at 3:24p
posts12
users3
websitegolang.org

People

Translate

site design / logo © 2022 Grokbase