Why openssl on windows produces error but not on centos to read pkcs12

Hi,

It's been days trying to figure out what could be wrong, hence I need
someone who has already tried to read a PKCS12 certificate before.

This is the code which I'm using on both CentOS and Windows,

require 'openssl'

if ARGV.length == 2
  pkcs12 = OpenSSL::PKCS12.new(File.read(ARGV[0]), ARGV[1])
  p pkcs12.certificate
else
  puts "Usage: load_cert.rb "
end

Running this produces an error on Windows but not on Linux/Cygwin

Error:

OpenSSL::PKCS12::PKCS12Error: PKCS12_parse: mac verify failure
        from (irb):21:in `initialize'
        from (irb):21:in `new'
        from (irb):21
        from C:/Ruby192/bin/irb:12:in `'

This has been so frustrating that I tried to produce my own certificate
on Windows and then tried again, but it gives the same error

I did these steps

  • Use this software to create certificates http://xca.sourceforge.net/
  • Exported UserCert2.crt, ruby reads correctly
    crt = File.read "UserCert2.crt"
    irb(main):018:0> certificate = OpenSSL::X509::Certificate.new crt
    => #<OpenSSL::X509::Certificate subject=/CN=Noman Tariq,
    issuer=/C=AU/ST=NSW/CN=CA, serial=2, not_before=2012-04-22 05:54:00 UTC,
    not_after=2013-04-22 05:54:00 UTC>
  • Exported to usercert.p12, ruby gives same error

OpenSSL::PKCS12::PKCS12Error: PKCS12_parse: mac verify failure
        from (irb):21:in `initialize'
        from (irb):21:in `new'
        from (irb):21
        from C:/Ruby192/bin/irb:12:in `'

Thanks in advance for any clue or help,
Nauman

On Sun, Apr 22, 2012 at 9:35 AM, Nauman T. wrote:

OpenSSL::PKCS12::PKCS12Error: PKCS12_parse: mac verify failure
        from (irb):21:in `initialize'
        from (irb):21:in `new'
        from (irb):21
        from C:/Ruby192/bin/irb:12:in `'

Thanks in advance for any clue or help,

Maybe Process Monitor from Sysinternals Suite can help you follow
syscalls of the process and identify the issue.

Kind regards

robert

Robert K. wrote in post #1057821:

On Sun, Apr 22, 2012 at 9:35 AM, Nauman T. wrote:

OpenSSL::PKCS12::PKCS12Error: PKCS12_parse: mac verify failure
        from (irb):21:in `initialize'
        from (irb):21:in `new'
        from (irb):21
        from C:/Ruby192/bin/irb:12:in `'

Thanks in advance for any clue or help,

Maybe Process Monitor from Sysinternals Suite can help you follow
syscalls of the process and identify the issue.

Kind regards

robert

I don't seem to understand how it can help me in this context. Can you
please explain a bit more?

On Mon, Apr 23, 2012 at 3:12 AM, Nauman T. wrote:

I don't seem to understand how it can help me in this context. Can you
please explain a bit more?

PM is capable of tracing all syscalls and recording them along with
arguments and return values IIRC. That way you often get a good idea
what a program does and what the source of such an error might be. Of
course this works only if the error has something to do with the
system and is not internally in program logic. I suspect your case
has to do with the system. That’s why I suggested this.

Cheers

robert

On 23 April 2012 at 19:11, Brian C. wrote:

The documentation doesn’t make it clear whether IO.read() opens in text
or binary mode, but it’s possible that it defaults to text.

File.read() does CRLF conversion.

File.binread() doesn’t. (It was added in 1.9.3 I think.)

– Matma R.

Nauman T. wrote in post #1057798:

This is the code which I'm using on both CentOS and Windows,

require 'openssl'

if ARGV.length == 2
  pkcs12 = OpenSSL::PKCS12.new(File.read(ARGV[0]), ARGV[1])

I don’t use Windows, but could it be that File.read() is opening the
file in text mode, and thus doing CR/LF conversions?

Try:

… File.read(ARGV[0], :mode=>"rb") …

(which looks to have been added in 1.9.x), or:

data = File.open(ARGV[0], "rb") { |f| f.read }
pkcs12 = OpenSSL::PKCS12.new(data, ARGV[1])

The documentation doesn’t make it clear whether IO.read() opens in text
or binary mode, but it’s possible that it defaults to text.

Regards,

Brian.

Hello,

I’ve the same issue. Adding “rb” next to pfx_file name doesn’t work for
me. It gives, cannot convert string to integer as error. Can someone
please help me? I use windows 8.0 and ruby 1.9.3. How do I make sure
that I’ve installed openSSL?

require 'openssl'
require 'rest-client'

def post_to_live(xass_body, xass_headers, pfx_file, pfx_pass)
  xass_url = 'https://service.auth.xboxlive.com/service/authenticate'

  client_cert = OpenSSL::PKCS12.new File.read(pfx_file), pfx_pass

  rc = RestClient::Resource.new(
    xass_url,
    :ssl_client_cert => client_cert.certificate,
    :ssl_client_key => client_cert.key,
    :verify_ssl => OpenSSL::SSL::VERIFY_PEER
  )

  rc.post(xass_body, xass_headers)
end

Bartosz Dziewoński wrote in post #1058033:

On 23 April 2012 at 19:11, Brian C. wrote:

The documentation doesn’t make it clear whether IO.read() opens in text
or binary mode, but it’s possible that it defaults to text.

File.read() does CRLF conversion.

File.binread() doesn’t. (It was added in 1.9.3 I think.)

– Matma R.

Thanks guys, that was the problem. I had already figured it out yesterday
after spending a lot of time; I wish I had seen the forum :)…

So this works,

File.read(ARGV[0], :mode => "rb")

Thanks all for replies,
Nauman
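
Added example, not code from any poster in this thread: it builds a constructed PKCS#12 bundle, shows that `File.binread` and `File.read(path, mode: 'rb')` return bytes that load, that the same bytes after CRLF-to-LF translation are rejected with `PKCS12Error`, and that passing `'rb'` as the second positional argument of `File.read` raises `TypeError` because that slot is the read length. The helper names, passphrase and certificate subject are made up for the example, and `text_mode_view` is an assumption that models a Windows text-mode read as CRLF translation only; the exact OpenSSL message depends on where the damage lands.

```ruby
require 'openssl'
require 'tempfile'

PASS = 'constructed-pass' # constructed sample passphrase

# Throwaway RSA key and self-signed certificate (constructed sample data).
def sample_key_and_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Salts and IVs are random, so re-export until the DER holds a CR LF byte pair.
def p12_with_crlf(key, cert)
  loop do
    der = OpenSSL::PKCS12.create(PASS, 'example', key, cert).to_der
    return der if der.include?("\r\n")
  end
end

# Assumption: models a Windows text-mode read as CRLF -> LF translation only.
def text_mode_view(bytes)
  bytes.gsub("\r\n", "\n")
end

# True if the bytes parse and pass the PKCS#12 integrity (MAC) check.
def loads?(bytes)
  OpenSSL::PKCS12.new(bytes, PASS)
  true
rescue OpenSSL::PKCS12::PKCS12Error
  false
end

# Compares the binary reads, the translated bytes, and the positional 'rb' call.
def demo
  der = p12_with_crlf(*sample_key_and_cert)
  Tempfile.create('sample-p12') do |f|
    File.binwrite(f.path, der)
    bad = begin File.read(f.path, 'rb'); nil; rescue TypeError => e; e.class; end
    { binread: loads?(File.binread(f.path)), mode_rb: loads?(File.read(f.path, mode: 'rb')),
      text_mode: loads?(text_mode_view(der)), positional_rb: bad }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

A bundle whose bytes happen to contain no CR LF pair survives this translation unchanged, so a text-mode read can appear to work for one file and fail for the next.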