On Wed, 10 Oct 2012 20:16:34 +0200 Nikos Mavrogiannopoulos <[email protected]> wrote:
> On 10/09/2012 11:18 PM, MK wrote:
> > I just started using gnuTLS, and one of the first things I needed
> > to do was incorporate a certificate with encrypted key generated by
> > openSSL. This seemed like a very simple task, here's a minimal
> > reproduction of the technique I used to decrypt the original key:
>
> Ouch. It seems there was a bug in the openssl key import. I've
> committed a fix and added a test case:
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=f16ef39ef0303b02d7fa590a37820440c466ce8d
>
> Could you try whether this solves the issue you see?

I did, but no such luck. Since this certificate isn't used online now,
I can give you the offending key:

This was generated by openssl.

Here's an interesting thing; there was a tiny discrepancy in the patch
which made it fail on tests/Makefile.am:

- mini-dtls-heartbeat mini-x509-callbacks
+ mini-dtls-heartbeat mini-x509-callbacks key-openssl

In my 3.1.2 tarball, that line is just "mini-dtls-heartbeat", so I
added the "mini-x509-callbacks". However, make check then failed with:

make[3]: *** No rule to make target `mini-x509-callbacks.c', needed by `mini-x509-callbacks.o'. Stop.

I don't have much experience with autotools, so I tried a couple other
guesses but could not get it to apply. Sorry.

> In general try to avoid the custom openssl format. The PKCS #8 format
> is standardized and can be handled by more tools.

Absolutely. It's actually not necessary for me to incorporate the
openssl import, so no problem (for me, at least...).

MK

> regards,
> Nikos

-- 
"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)
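
The difference between the custom OpenSSL key format and PKCS #8 mentioned in the thread above is visible in the PEM armor itself. The following is an added example, not part of the original message or of GnuTLS: a Python check that classifies private-key blocks by format. The function name and the sample blocks (with placeholder bodies) are constructed for illustration.

```python
import re

# One PEM block: BEGIN label, optional RFC 1421-style headers, base64 body, END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
HEADER = re.compile(r"^([A-Za-z-]+):\s*(.*)$")
TRADITIONAL = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}

# Constructed sample input: the bodies are placeholders, not real key material.
SAMPLE = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0011223344556677

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""

def classify_pem_keys(text):
    """Return one dict per private-key block found in text (hypothetical helper)."""
    results = []
    for label, inner in PEM_BLOCK.findall(text):
        headers = {}
        for line in inner.splitlines():
            m = HEADER.match(line.strip())
            if not m:
                break  # headers end at the first blank or base64 line
            headers[m.group(1).lower()] = m.group(2)
        if label in TRADITIONAL:
            fmt = "openssl-traditional"
            encrypted = headers.get("proc-type", "").replace(" ", "") == "4,ENCRYPTED"
            cipher = headers.get("dek-info", "").split(",")[0] or None
        elif label in ("ENCRYPTED PRIVATE KEY", "PRIVATE KEY"):
            # PKCS #8: encryption parameters live inside the DER, not in PEM headers.
            fmt, encrypted, cipher = "pkcs8", label.startswith("ENCRYPTED"), None
        else:
            continue  # certificates, CSRs and other non-key blocks
        results.append({"label": label, "format": fmt,
                        "encrypted": encrypted, "cipher": cipher})
    return results

if __name__ == "__main__":
    for key in classify_pem_keys(SAMPLE):
        print(key)
```

Blocks reported as `openssl-traditional` are the ones worth converting to PKCS #8, for example with `openssl pkcs8 -topk8`.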
