This is an automated archive.

The original was posted on /r/openssl by /u/BeepityBoopityBot on 2023-07-04 08:18:19+00:00.


I have a PHP application (running on Amazon Linux via Bref on Lambda) which has been signing Apple passbooks no problem. I’ve trying to do various upgrades which includes moving to AWS Linux 2023 which uses OpenSSL 3.

Since then I’ve been getting these errors when I try to sign passbooks. It seems I get the first one first, then I refresh a few times and it becomes the second error.

error:0308010C:digital envelope routines::unsupported
error:0480006C:PEM routines::no start line

There is a “Apple Worldwide Developer Relations Certificate” which is a .pem file, and I’ve confirmed the start line with “BEGIN CERTIFICATE” is there. The signature algorithm of the certificate I’m using to sign is SHA-256 with RSA Encryption ( 1.2.840.113549.1.1.11 ).

I’m using this package to create the passbooks and this is the line which is failing.

I’ve tried updating the openSSL config in various ways (e.g. extending and including the original .cnf, copying the entire content in to a new one) and adding the following lines. This hasn’t made any difference.

[ provider_sect ]
default = default_sect
legacy = legacy_sect

[ default_sect ]
activate = 1

[legacy_sect]
activate = 1

Do I maybe need to add/change more of the config to support these? Could the algorithms maybe not be installed?

I’ve been struggling with this for days, so any help would be very much appreciated!