Linux distro upgrade potentially introduced bug in my project: InvalidData, error: ASN1Error

Hello! I am working on my very first Rust project. I am rewriting software I wrote in Python to Rust because of performance issues in Python.

I am running against a very particular problem. The very famous but it worked last week problem.

I have a function called create_connections which connects to an AMQP server (RabbitMQ). The connection uses TLS security. I have two files, a certificate.crt and a certificate.key file. I understand that I need to create a OwnedTLSConfig object and have the crt/key files formatted to DER.

I had this working last week and made a working connection to the external AMQP Server (I have no access to the management side of this server). But now when I run my code I get the following error:

2023-06-12T02:00:21.756652Z  INFO proj_rust: responder thread started
2023-06-12T02:00:21.756675Z  INFO proj_rust::amqp: create_connection
2023-06-12T02:00:21.756911Z  INFO proj_rust::amqp: connection_url: amqps://USER:PASS@URL:50060/app # details ommitted
thread '<unnamed>' panicked at 'connection error: IOError(Custom { kind: InvalidData, error: ASN1Error { kind: Invalid } })', src/
stack backtrace:

It looks like the response is an actual error message from the server saying that the data is malformed/invalid. Which is weird because nothing changed codewise. When I run the project in Python .with the same crt/key files it does connect properly and work as intended. The only thing that has changed is that I upgraded my linux distro from 20.04 to 22.04, so I assume that the issues must be introduced here but I have no clue where to start. I downgraded my rustc to the lowest version acceptable to lapin but with no success.

use lapin::{Channel, Connection, ConnectionProperties, Queue, Result};
use lapin::types::FieldTable;
use tracing::info;

pub async fn create_connection() -> Result<Connection> {
    let connection = Connection::connect_with_config(
    ).await.expect("connection error");

    info!("connection: {:?}", connection);
extern crate openssl;

use std::fs::File;
use std::io::Read;

use lapin::tcp::{OwnedIdentity, OwnedTLSConfig};
use openssl::pkcs12::Pkcs12;
use openssl::pkey::PKey;
use openssl::x509::X509;

pub fn get_tls_config(path_to_cert: &str, path_to_key: &str) -> OwnedTLSConfig {
    // Read in the certificate.
    let mut cert_file = File::open(path_to_cert).expect("Unable to open certificate file");
    let mut cert_data = vec![];
        .read_to_end(&mut cert_data)
        .expect("Unable to read certificate file");
    let cert = X509::from_pem(&cert_data).expect("Unable to parse certificate");
    // Read in the private key.
    let mut key_file = File::open(path_to_key).expect("Unable to open key file");
    let mut key_data = vec![];
        .read_to_end(&mut key_data)
        .expect("Unable to read key file");
    let key = PKey::private_key_from_pem(&key_data).expect("Unable to parse private key");
    // Create a PKCS12 archive.
    let password = "password";
    let name = "client"; // The friendly name for the certificate/key pair.
    let pkcs12 = Pkcs12::builder()
        .expect("Unable to create PKCS12 archive");
    // Convert the PKCS12 archive to DER format.
    let der = pkcs12
        .expect("Unable to convert PKCS12 archive to DER format");

    OwnedTLSConfig {
        identity: Some(OwnedIdentity {
            password: password.to_string(),
        cert_chain: None,

Ubuntu 20.04 -> 22.04 means OpenSSL was probably upgraded from 1.1.1 to 3.0.X.

No idea if it's applicable, but did you try to run cargo clean after upgrading Ubuntu version?

1 Like

I did the cargo clean indeed. I'll try to downgrade OpenSSL to 1.1.1. Thanks for the tip.

The issue is solved. The solution was to update cargo. Lesson learned :man_facepalming:

cargo clean
cargo update (!!!)
cargo build
cargo run

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.