Hi,

I have a big problem with OpenSSL usage, please help.

OS: Linux version 3.7.10-1.1-desktop (geeko at buildhost) (gcc version 4.7.2 20130108 [gcc-4_7-branch revision 195012] (SUSE Linux) ) #1 SMP PREEMPT Thu Feb 28 15:06:29 UTC 2013 (82d3f21)
OpenSSL version: OpenSSL 1.1.0  25 Aug 2016

I created an OpenSSL client for an iOS APNs client; the SSL initial function is as below:

    #define CA_CERT_PATH        "./pem"
    #define RSA_CLIENT_CERT     "./pem/PushChatCert.pem"
    #define RSA_CLIENT_KEY      "./pem/PushChatKey.pem"

    bool CAPNSClient::InitAPNSClient()
    {
        /* Library initialisation */
        SSL_library_init();
        SSL_load_error_strings();
        ERR_clear_error();
        OpenSSL_add_all_algorithms();

        m_pMeth = TLS_client_method();
        m_pCtx = SSL_CTX_new(m_pMeth);
        if (NULL == m_pCtx)
        {
            ERRLOG("Could not get SSL Context");
            return false;
        }

        /* Trusted CA certificates are looked up in the CA_CERT_PATH directory */
        if (0 == SSL_CTX_load_verify_locations(m_pCtx, NULL, CA_CERT_PATH))
        {
            /* Handle failed load here */
            ERRLOG("Failed to set CA location:%s", ERR_error_string( ERR_get_error(), NULL ));
            return false;
        }

        /* Client certificate (this is the call that fails) */
        if (0 == SSL_CTX_use_certificate_file(m_pCtx, RSA_CLIENT_CERT, SSL_FILETYPE_PEM))
        {
            ERRLOG("Cannot use Certificate File:%s", ERR_error_string( ERR_get_error(), NULL ));
            return false;
        }

        /* Passphrase for the encrypted private key */
        SSL_CTX_set_default_passwd_cb_userdata(m_pCtx, (void*)"XXXX");
        if (0 == SSL_CTX_use_PrivateKey_file(m_pCtx, RSA_CLIENT_KEY, SSL_FILETYPE_PEM))
        {
            ERRLOG("Cannot use Private Key:%s", ERR_error_string( ERR_get_error(), NULL ));
            return false;
        }

        /* Confirm that the private key matches the certificate loaded above */
        if (0 == SSL_CTX_check_private_key(m_pCtx))
        {
            ERRLOG("Private key does not match the certificate public key");
            return false;
        }

        return true;
    }

When the program runs, SSL_CTX_use_certificate_file fails when loading the attached certificate!
The error information is:

    error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

As suggested by rt at openssl.org last night, I used SSL_CTX_set_security_level(m_pCtx, 0) to switch the security level from 1 to 0. But SSL_CTX_use_certificate_file still failed! The log changed to:

    error:140BF10C:SSL routines:ssl_set_cert:x509 lib

The weird thing is, this code and PEM file work well on another server, which has security level 1. So I guess the problem comes from the SSL config. After searching, I found 2 openssl.cnf files, one in /etc/ssl/, the other in /usr/local/ssl. There are only 4 config differences between these 2 files:

1. default_bits, one is 2048, another is 1024
2. basicConstraints, one is "critical,CA:true", another is "CA:true"
3. signer_digest, one is "sha256", another doesn't have this parameter
4. digests, one is "sha1, sha256, sha384, sha512", another is "md5, sha1"

I have already debugged this issue for a whole day, but still don't have any progress. Please help me, or at least guide me on how to solve it.

Thanks a lot!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PushChatCert.pem
Type: application/octet-stream
Size: 2139 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160913/21b64519/attachment-0001.obj>