Bug#403887: marked as done (libgnutls failes to parse OpenSSL generated certificates)

Sun, 15 Apr 2007 08:02:10 -0700 

Your message dated Sun, 15 Apr 2007 14:01:20 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#403887: libgnutls failes to parse OpenSSL generated 
certificates
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: libgnutls13
Version: 1.4.4-3

libgnutls refuses to parse the subject of certificates created by
OpenSSL which have a userid attribute in their subject, i.e. oid
0.9.2342.19200300.100.1.1.  Output of "certtool -i":

|<1>| Found OID: '0.9.2342.19200300.100.1.1' with value
 '13066d6c61626962'
get_dn: ASN1 parser: Error in TAG.

gnutls generates certificates with an "ia5String" uid, while OpenSSL
generates a "printableString".  The latter violates gnutls'
lib/pkix.asn which states:

 -- LDAP stuff
 -- may not be correct
 [...]
 ldap-UID ::= IA5String

Which is indeed not correct.  ldap-UID should be a DirectoryString.

--- End Message ---
--- Begin Message --- 
Version: 1.6.1-2

On 2006-12-20 Max Kellermann <[EMAIL PROTECTED]> wrote:
> tag 403887 patch
> thanks

> On 2006/12/20 13:53, Max Kellermann <[EMAIL PROTECTED]> wrote:
> >  -- LDAP stuff
> >  -- may not be correct
> >  [...]
> >  ldap-UID ::= IA5String
> > 
> > Which is indeed not correct.  ldap-UID should be a DirectoryString.

> Here is a patch for this bug.  I had to add IA5String to the
> DirectoryString CHOICE.  This is obviously incorrect, but seems to be
> the only way to ensure that certificates generated by certtool can
> also be parsed.  Please correct me if there is a better solution.
[...]

Hello,
your patch is part of upstream's 1.6.1 release which has been uploaded
to sid as 1.6.1-2.
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--- End Message ---

Reply via email to