curl: RSA_padding_check_PKCS1_type_1:invalid padding
I know this is an old one, but I just had the same issue because I copied a PEM file from Windows with CRLF included instead of LF.
Use cat -v cert.pem
to check for it.
Brijesh Valera
I am working to make Internet faster, secure and reliable.
Updated on June 21, 2022Comments
-
Brijesh Valera almost 2 years
I am generating an X509 certificate through code (using OpenSSL APIs) for my server application. I have just added support for TLSv1.3 by adding TLSv1.3 ciphers in the supported list in my code.
There is no change in certificate generation and assigning RSA pub + private key to the certificate.
I have upgraded curl & OpenSSL libraries on client to enable TLSv1.3 connection. Upgraded Curl version: 7.63.0 & OpenSSL version: 1.1.1
I am seeing below error:
* TCP_NODELAY set * Connected to <domain> (<ip-address>) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: myCA.pem CApath: none } [5 bytes data] * TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.3 (IN), TLS handshake, Server hello (2): { [122 bytes data] * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): { [6 bytes data] * TLSv1.3 (IN), TLS handshake, Certificate (11): { [1781 bytes data] * TLSv1.3 (OUT), TLS alert, decrypt error (563): } [2 bytes data] * error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 * Closing connection 0 curl: (35) error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
Same error comes even with TLSv1.2 (using same upgraded client).
What am I missing here? Please help.