openssl pkcs12 -clcerts -nokeys error

001EC0E501000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
expect: spawn id exp6 not open

----------开发证书----------
spawn openssl pkcs12 -clcerts -nokeys -out dev_cer.pem -in dev_cer.p12
Enter Import Password:
Error outputting keys and certificates
001EC0E501000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
expect: spawn id exp6 not open
    while executing
"expect eof"

Error analysis

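Today I ran into this error. Reading the error output carefully, there are two separate problems.
The first problem is
openssl pkcs12 failing with 001EC0E501000000:error:0308010C:digital envelope
The second problem is expect: spawn id exp6 not open while executing "expect eof"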

My script looks roughly like this:

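#!/bin/bash
set -e
# Import password for the .p12 files, taken from the first script argument
password=$1

# buildPem <cerFile> <keyFile> <outFile>: file names are given without extension
function buildPem() {
  local cerFile=$1
  local keyFile=$2
  local outFile=$3
  if [ -e "${cerFile}.p12" ] && [ -e "${keyFile}.p12" ]; then
    # Drive the interactive openssl prompt with expect; the here-document is
    # unquoted, so the shell expands $cerFile and $password before expect runs
    expect << AA
      spawn openssl pkcs12 -clcerts -nokeys -out $cerFile.pem -in $cerFile.p12
      expect "Enter Import Password:" {send "$password\r"}
      expect "MAC verified OK"
      expect eof
AA
  fi
}
buildPem dev_cer dev_key dev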

Running the first command on its own gives the following:
openssl pkcs12 -clcerts -nokeys -out dev_cer.pem -in dev_cer.p12

openssl pkcs12 -clcerts -nokeys -out dev_cer.pem -in dev_cer.p12
Enter Import Password:
Error outputting keys and certificates
001EC0E501000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()

I searched all over the web, and the advice was to add -legacy:

openssl pkcs12 -clcerts -nokeys -out dev_cer.pem -in dev_cer.p12 -legacy
It runs as follows:

openssl pkcs12 -clcerts -nokeys -out dev_cer.pem -in dev_cer.p12 -legacy
Enter Import Password:

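Sure enough, there was no error, and the file dev_cer.pem was generated in the current directory. The error message names RC2-40-CBC as the unsupported algorithm: OpenSSL 3.x provides RC2 only through its legacy provider, which is not loaded by default, and -legacy loads that provider for this command.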

With -legacy added, back to the buildPem function above.
Running it still fails, and this is the second error:

 sh buildPem.sh 1
----------开发证书----------
spawn openssl pkcs12 -clcerts -nokeys -out dev_cer.pem -in dev_cer.p12 -legacy
Enter Import Password:
expect: spawn id exp6 not open
    while executing
"expect eof"

Solution

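I did not find a fix for this expect: spawn id exp6 not open error. I saw that when other people used the expect and spawn commands, their shell environment was bash,

while my machine was using zsh at the time: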

echo $0
-zsh

List all the shells installed on this machine:

cat /etc/shells
# List of acceptable shells for chpass(1).
# Ftpd will not allow users to connect who are not using
# one of these shells.
/bin/bash
/bin/csh
/bin/dash
/bin/ksh
/bin/sh
/bin/tcsh
/bin/zsh

Change to the bash environment:

chsh -s /bin/bash
Changing shell for huc.
Password for huc: 

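After running the command that changes the shell, close the current terminal and open a new one.
Checking with echo $0 shows the environment has been switched to bash: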

echo $0
-bash

Run the buildPem script above again and see what happens.
It works, the run succeeds:

 sh buildPem.sh 1
----------开发证书----------
spawn openssl pkcs12 -clcerts -nokeys -out dev_cer.pem -in dev_cer.p12
Enter Import Password:
MAC verified OK
spawn openssl pkcs12 -nocerts -out dev_key_temp.pem -in dev_key.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
spawn openssl rsa -in dev_key_temp.pem -out dev_key.pem
Enter pass phrase for dev_key_temp.pem:
writing RSA key
----------发布证书----------
spawn openssl pkcs12 -clcerts -nokeys -out dis_cer.pem -in dis_cer.p12
Enter Import Password:
MAC verified OK
spawn openssl pkcs12 -nocerts -out dis_key_temp.pem -in dis_key.p12
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:1234
spawn openssl rsa -in dis_key_temp.pem -out dis_key.pem
Enter pass phrase for dis_key_temp.pem:
writing RSA key
----------voip证书----------

Success: there is neither the openssl decryption error nor the expect error.

Summary

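Working through this piece of shell script not only solved the openssl error, it also introduced us to expect, a remarkable shell command. expect is used to automate interactive operations, so nothing has to be typed into the terminal by hand. In this case the password does not have to be entered manually: send passes it automatically from a pre-written string to the command that is waiting for input. That is quite convenient.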
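The same certificate extraction without expect, as an added example that is not part of the original post: openssl takes the import password from an environment variable through -passin, so it never appears on the command line, and -legacy is retried only when the failure is the unsupported-algorithm error shown above. The variable name P12_PASS and the function names are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the post author's script. P12_PASS is an assumed variable
# name; it must be exported, because openssl reads it via -passin env:P12_PASS.

# Error text copied from the failing run shown earlier on this page.
SAMPLE_ERR='Error outputting keys and certificates
001EC0E501000000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()'

# Succeeds (returns 0) when the text is the "unsupported algorithm" failure,
# as opposed to a wrong password or a damaged file.
needs_legacy() {
  case "$1" in
    *:unsupported:*'Algorithm ('*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the algorithm named in the error (empty output if there is none).
legacy_algorithm() {
  printf '%s\n' "$1" | sed -n 's/.*Algorithm (\([^ :)]*\).*/\1/p' | head -n 1
}

# p12_to_cert_pem <in.p12> <out.pem>: extract the client certificate only.
p12_to_cert_pem() {
  local src="$1" dst="$2" err
  if err=$(openssl pkcs12 -clcerts -nokeys -in "$src" -out "$dst" \
             -passin env:P12_PASS 2>&1); then
    return 0
  fi
  if needs_legacy "$err"; then
    # Fall back to the legacy provider, and say which algorithm forced it so
    # the file can be re-exported with current encryption later.
    echo "warning: $src uses $(legacy_algorithm "$err"); retrying with -legacy" >&2
    openssl pkcs12 -legacy -clcerts -nokeys -in "$src" -out "$dst" \
      -passin env:P12_PASS
  else
    # Any other failure (for example a wrong password) is reported unchanged.
    printf '%s\n' "$err" >&2
    return 1
  fi
}

# Run only when called with two arguments: ./p12cert.sh dev_cer.p12 dev_cer.pem
if [ "$#" -eq 2 ]; then
  p12_to_cert_pem "$1" "$2"
fi
```

In bash, `read -rs P12_PASS; export P12_PASS` sets the password without putting it in the process list or the shell history.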