In an effort to harden openssl I used some configuration options to
remove some of the algorithm. The options I used are no-ssl2 no-bf
no-cast no-rc2 no-idea no-md2 no-mdc2 no-rc5 no-ec no-ripemd etc. I
build openssl 0.9.7a-43.10 on Linux.

When tried following function:

openssl pkcs12 -export -inkey my.key -in my.cer -out my.pfx -name
myname -passout pass:mypassword

It failed. Error message:

11979:error:06074079:digital envelope
routines:EVP_PBE_CipherInit:unknown pbe
algorithm:evp_pbe.c:89:TYPE=pbeWithSHA1And40BitRC2-CBC
11979:error:23077073:PKCS12 routines:PKCS12_pbe_cryptkcs12 algor
cipherinit error12_decr.c:83:
11979:error:2306C067:PKCS12 routines:PKCS12_i2d_encrypt:encrypt
error12_decr.c:167:
11979:error:23073067:PKCS12 routines:PKCS12_pack_p7encdata:encrypt
error12_add.c:182:

It looks like pkcs12 is trying to use/init RC2 and failed. Is RC2
hardcoded somewhere in pkcs functions? pbeWithSHA1And40BitRC2-CBC is
defined in nid_objs[149] regardless no-rc2 is used.

Can some one knows how pkcs works tell me how I can resolve this issue?

Thanks,

Sherry