Login/Register
OpenSSL error:02001002:system library:fopen:No such file or directory no key found, wrong pass phrase, or wrong file format, git bash vs cmd
Asked Answered
pythonbashcurlopensslmutual-authentication
B

1

11

I have an application which exposes the urls using mutual Authentication. Now I am writing a python script which uses Popen to run the curl command to connect to the application and gets me the required data. But when I run the python script I get following error.

curl: (58) could not load PEM client certificate, OpenSSL error error:02001002:system library:fopen:No such file or directory, (no key found, wrong pass phrase, or wrong file format?)

I am running the application on windows 7 machine. I have curl and openssl installed. The command that is run is given below

curl -v https://localhost:9400/<URL> -H "Connection:close" --cacert 'C:/local_cert/root.crt' --cert 'C:/local_cert/client.crt' --key 'C:/local_cert/client.key' --pass client_key_passwd

Now for testing I ran the same command in Git Bash for windows. I got the result successfully. But when I run the same command in Git Cmd for windows or Windows Cmd I get the same above error.

I have checked the paths to cert are correct, they are in PEM format, I have openssl and curl installed.For some reasons I cannot use Requests or urllib3 python pacakges and only can use curl. The above make me believe that there is some setting that Windows Cmd and Git Cmd for windows is missing some settings but I am not sure what it may be.

Beauvoir answered 30/4, 2020 at 18:47 Comment(3)
Just for clarity the root.crt is self signed certificate which was used to sign client crt. Both were generated using openssl and windows CLI.Beauvoir
Don't know anything about certificates in curl, but shouldn't you use backslashes? aka C:\local_cert\root.crt instead of C:/local_cert/root.crtDanyelledanyette
Using the forward slashes is unix style of specifying paths. Its a platform neutral way , in the sense that windows system too honors this way of specifying pathsBeauvoir
B
2

After trying lot of things I finally figured out the answer. The error said no file found, wrong passphrase or wrong format. Since the command worked in git bash I was sure that its not a issue with file or passphrase. Concentrating on no file found I found below link

Windows PATH to posix path conversion in bash

which gave me an idea that may be the way I am specifying the path is incorrect depending on which version of curl we are using. So after trying various combination I found that if you use plain curl in git bash following both cmd will work

curl -v https://localhost:9400/<URL> -H "Connection:close" --cacert 'C:/local_cert/root.crt' --cert 'C:/local_cert/client.crt' --key 'C:/local_cert/client.key' --pass client_key_passwd

and

curl -v https://localhost:9400/<URL> -H "Connection:close" --cacert C:/local_cert/root.crt --cert C:/local_cert/client.crt --key C:/local_cert/client.key --pass client_key_passwd

But in windows Cmd or when calling curl from python only following cmd will work

curl -v https://localhost:9400/<URL> -H "Connection:close" --cacert C:/local_cert/root.crt --cert C:/local_cert/client.crt --key C:/local_cert/client.key --pass client_key_passwd

So In nutshell it was a issue with quotes because the way your curl utility is called and which version of curl is used (compiled for windows or not) the interpretation of quotes will be different.

Beauvoir answered 11/5, 2020 at 14:19 Comment(1)
your 2 last commands look the same for me. Why one work and not the other?Significance

© 2022 - 2024 — McMap. All rights reserved.