I want to build an HTTPS client that connects to an HTTPS server that requires mutual authentication. Additionally, the client key is an Elliptic Curve key instead of an RSA key. To support Elliptic Curve keys, I have recompiled Node.js with OpenSSL 1.0.2a.

In my node.js program, I set the options to specify a key and certificate,

    var fs = require('fs');

    var options = {
      // These are necessary only if using the client certificate authentication
      key: fs.readFileSync('client-key.pem'),
      cert: fs.readFileSync('client-cert.pem')
    };

and when I run it, I get this error:

    Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
        at Error (native)
        at Object.createSecureContext (_tls_common.js:110:19)
        at Object.exports.connect (_tls_wrap.js:854:21)
        at Agent.createConnection (https.js:84:14)
        at Agent.createSocket (_http_agent.js:196:16)
        at Agent.addRequest (_http_agent.js:168:23)
        at new ClientRequest (_http_client.js:156:16)
        at Object.exports.request (http.js:51:10)
        at exports.request (https.js:138:15)
        ...

This indicates that Node.js is not able to read the EC key. This error message is similar to when openssl attempts to read the key as an X509 cert:

    openssl x509 -text -in sample.key
    unable to load certificate
    140735234208608:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE

How can I force Node.js to load this key as an EC key?

Maneesh
  • Have you tried http://stackoverflow.com/questions/20837161/openssl-pem-routinespem-read-biono-start-linepem-lib-c703expecting-truste ? – Ray Stantz Mar 31 '15 at 19:52
  • Yes, all the information is printed correctly by openssl (v1.0.2a). The problem is with using the EC key instead of an RSA key. – Maneesh Mar 31 '15 at 21:23
  • `cat` both `client-key.pem` and `client-cert.pem`. Are they human readable and start with the familiar `--- BEGIN ... -----` and end with `--- END ... -----`? If so, then it sounds like OpenSSL 0.9.8 or below. EC support was added at 1.0.0 (or maybe 1.0.1). – jww Apr 01 '15 at 07:24

1 Answer

The EC key was loaded once openssl 1.0.2a was properly configured. Ensure that Node.js' openssl version is correct.

Maneesh
  • It sounds like you may have a hidden ABI compatibility problem. OpenSSL 0.9.8 does not have EC support. OpenSSL 1.0.0 (and above) have EC support. If Node was built against 0.9.8, then you can't swap in a 1.x shared object because they are not binary compatible. And vice-versa. If you suffer unexplained crashes, then rebuild Node using OpenSSL 1.x (like 1.0.2). The unexplained crash is usually a symptom of the ABI problems. – jww Apr 01 '15 at 07:26
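
A pre-flight check along the lines of this thread, as an added example that is not part of the original question, answer or comments: it reports the OpenSSL version Node.js is actually linked against, lists the PEM block labels in the key, and then makes the same `tls.createSecureContext` call that appears in the stack trace. The function names `pemLabels`, `diagnoseKey` and `sampleEcKeyPem` are hypothetical, and the sample EC key is generated at run time purely as constructed input.

```javascript
const crypto = require('crypto');
const tls = require('tls');

// Return the label of every PEM block in `pem`,
// e.g. ['EC PARAMETERS', 'EC PRIVATE KEY'] or ['CERTIFICATE'].
function pemLabels(pem) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----/g;
  const labels = [];
  let m;
  while ((m = re.exec(String(pem))) !== null) labels.push(m[1]);
  return labels;
}

// Check one client key before handing it to https.request().
function diagnoseKey(keyPem) {
  const labels = pemLabels(keyPem);
  const report = {
    openssl: process.versions.openssl, // the library Node really uses
    labels,
    loaded: false,
    problem: null,
  };
  if (labels.length === 0) {
    report.problem = 'no PEM start line in file (DER, empty, or truncated)';
  } else if (labels.includes('CERTIFICATE') &&
             !labels.some((l) => l.endsWith('PRIVATE KEY'))) {
    report.problem = 'file holds a certificate, not a private key (key/cert swapped?)';
  } else {
    try {
      tls.createSecureContext({ key: keyPem }); // call that throws in the trace
      report.loaded = true;
    } catch (err) {
      report.problem = `OpenSSL ${report.openssl} rejected the key: ${err.message}`;
    }
  }
  return report;
}

// Constructed sample input: a throwaway P-256 key in "EC PRIVATE KEY" (SEC1) form.
function sampleEcKeyPem() {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return privateKey.export({ type: 'sec1', format: 'pem' });
}

console.log(diagnoseKey(sampleEcKeyPem()));
console.log(diagnoseKey('not a pem file'));
```

Run it with the same `node` binary that runs the HTTPS client; a key with a valid `EC PRIVATE KEY` label that is still rejected points at the linked OpenSSL build rather than at the file.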