Re: Problems with specific certificate/key (Debian Bug #426013)

[Mark Adams]

On Jan 3, 2008 2:36 AM, Marc Haber <address@hidden> wrote:

> Hi,
>
> Simon writes:
> > Appears to be an unreprodicible problem with a specific
> > certificate/key which the user cannot reveal. Another
> > certificate/key
> > from the same CA works fine. Theory: could it be CRLF problems?
> > Other
> > non-ASCII characters in the file? Nothing indicates a real GnuTLS
> > problem here.
> > Conclusion: Likely not a GnuTLS problem.
>
> I think that this conclusion was built too fast, but we do not have
> sufficient information to know this.
>
> The original reporter has said in the mean time that there are no
> non-ascii chars in the file and that there are no CRLF issues here.
> Currently, it is suspected that GnuTLS has issues with the fact that
> the certificate is a wildcard certificate.


>By reading this report, I'm really curious which gnutls version is used,
>and
>
>whether the gnutls-serv and exim are linked on the same version of
>gnutls.
>Does this occur if exim is linked on gnutls 2.2?
>

I'm using gnutls 2.0.4 at present (this is the current debian testing
version). Is it possibly a known issue with this version? I can not
install the new version at present, as this is a production server. I
will be able to test this if you think it will correct the issue.

For reference, gnutls-serv and gnutl-client work with this cert/key
pair. I can run the server fine using;

gnutls-serv --debug 5 --x509keyfile myhost_net.key --x509certfile myhost_net.crt

And the client can connect using;

gnutls-cli -p 5556 mail.myhost.net

however, when using certtool -i < my key file failes with the base 64
decoding error.

certtool: Import error: Base64 decoding error.


>
>regards,
>Nikos

Thanks for your interest,

Regards
Mark