On 2006-12-15 Felix Palmen [EMAIL PROTECTED] wrote:
* James Westby [EMAIL PROTECTED] [20061215 18:24]:
However I think there is still a bug. GnuTLS can create PKCS#8 keys
(certtool -p -8), so I think it should be able to read them. I just
generated one with the above command, and then
* Andreas Metzler [EMAIL PROTECTED] [20061217 12:42]:
| gnutls_certificate_set_x509_key_file - Used to set keys in a
[...]
| Currently only PKCS-1 encoded RSA and DSA private keys are accepted
| by this function.
Some gnutls functions seem to handle PKCS-8 automatically (e.g.
On (15/12/06 02:56), Felix Palmen wrote:
Hallo James,
The error was thrown from x509_b64.c:449. The reason was very obvious
then: My key just starts with -BEGIN PRIVATE KEY- (no RSA or
DSA).
After a little research, I found that this could mean it's in PKCS#8
format. Indeed, I
* James Westby [EMAIL PROTECTED] [20061215 18:24]:
However I think there is still a bug. GnuTLS can create PKCS#8 keys
(certtool -p -8), so I think it should be able to read them. I just
generated one with the above command, and then certtool -k failed with a
base64 decoding error.
At least,
Package: exim4-daemon-light
Version: 4.50-8sarge2
When trying to use the equifax key/cert, STARTTLS triggers the following
log:
2006-12-14 13:03:29 TLS error on connection from pd9e39091.dip.t-dialin.net
(palmen.homeip.net) [217.227.144.145] (cert/key setup:
On Thu, Dec 14, 2006 at 02:55:19PM +0100, Felix Palmen wrote:
Package: exim4-daemon-light
Version: 4.50-8sarge2
When trying to use the equifax key/cert, STARTTLS triggers the following
log:
2006-12-14 13:03:29 TLS error on connection from pd9e39091.dip.t-dialin.net
reopen 403072
thanks
On Thu, Dec 14, 2006 at 04:33:19PM +0100, Felix Palmen wrote:
* Marc Haber [EMAIL PROTECTED] [20061214 16:19]:
I just remembered the exim on my notebook (etch) and tested there.
Result is the same with the following versions:
libgcrypt11 1.2.3-2
libgnutls13 1.4.4-3
Hallo Marc,
* Marc Haber [EMAIL PROTECTED] [20061214 15:22]:
What happens when you use a current version of GnuTLS? Using exim 4.50
suggests that you're working on sarge, which has a rather old version
of gnutls.
I tried to do this right now, but found it would require to many
backports and
Hallo Marc,
* Marc Haber [EMAIL PROTECTED] [20061214 16:45]:
Ok. Can you please install gnutls-bin and try starting gnutls-serv
with the appropriate --x509keyfile and --x509certfile options. If that
gives the same error message, we have a gnutls-issue and this bug
needs to be reassigned
reassign #403072 libgnutls13
retitle #403072 gnutls cannot use equifax SSL cert/key: Base64 decoding error.
thanks
On Thu, Dec 14, 2006 at 05:22:33PM +0100, Felix Palmen wrote:
* Marc Haber [EMAIL PROTECTED] [20061214 16:45]:
Ok. Can you please install gnutls-bin and try starting gnutls-serv
On (14/12/06 17:42), Marc Haber wrote:
On Thu, Dec 14, 2006 at 05:22:33PM +0100, Felix Palmen wrote:
* Marc Haber [EMAIL PROTECTED] [20061214 16:45]:
Ok. Can you please install gnutls-bin and try starting gnutls-serv
with the appropriate --x509keyfile and --x509certfile options. If that
On (14/12/06 18:44), James Westby wrote:
Hi,
For a start I don't know how to create a Base64 encoded key, do you?
Ok, sorry for that one, I should have done some more research. PEM
format keys/certificates are base64 encoded. This is the default format
and the most common I think. Certainly
Sorry, I forgot to mention:
I obtained the backtrace using the experimental source package 1.6.0-1
and inserting an abort() in every place where a base64 decoding error
can occur.
--
| /\ ASCII Ribbon | Felix M. Palmen (Zirias)http://zirias.ath.cx/ |
| \ / Campaign Against | [EMAIL
Hallo James,
* James Westby [EMAIL PROTECTED] [20061214 18:44]:
Assuming that that tells us nothing could I provide you with an
instrumented GnuTLS library that will reveal the real problem? Looking
at the code there are many points that will throw this error, so first
it would be good to
Hallo James,
please forget the last infos, this backtrace was corrupted, I don't know
why. I got a correct backtrace by compiling the original upstream source
of 1.6.0 in developer-mode and running gdb with libtool.
The error was thrown from x509_b64.c:449. The reason was very obvious
then: My
15 matches
Mail list logo