gnutls-devel


Re: [Help-gnutls] Key usage violation in certificate


From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] Key usage violation in certificate
Date: Tue, 04 Nov 2008 08:25:50 +0200
User-agent: Thunderbird 2.0.0.17 (X11/20080925)

Kevin P. Fleming wrote:
> Nikos Mavrogiannopoulos wrote:
> 
>> It seems gnutls fails because the (client) certificate it uses for
>> authentication doesn't support signing (and TLS client certificates
>> must support it).
>>
>> Check (with certtool -i) if the client certificate contains the
>> following lines:
>>
>>      Key Usage (critical):
>>              Digital signature.
> 
> Yes, I used openssl's pkcs12 command to extract the cert from the .p12
> file that it lives in, then used 'certtool -i --infile cert.pem', and
> this is the output:

Could it be then that libneon selected a wrong certificate from the
pkcs12 file? Does it use gnutls_certificate_set_x509_simple_pkcs12_file()?

I quickly glanced at gnutls_certificate_set_x509_simple_pkcs12_file() and
it looks very simple, so it might add the first certificate no matter
whether it corresponds to the key. In that case it is a gnutls bug and
will be fixed. (Workaround: use a single certificate in the pkcs12 file.)

regards,
Nikos
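
The two checks raised in this message (does a certificate in the PKCS#12 file belong to the private key, and does its Key Usage include Digital signature), run over every certificate in the bundle. This is an added example, not part of the original post and not GnuTLS or neon code; it uses the openssl command-line tool, and the names p12_audit, pub_digest and P12_PASS are assumptions of this sketch.

```shell
# Added example: audit every certificate stored in a PKCS#12 file.
# The bundle password is read from the exported variable P12_PASS (an assumption
# of this sketch) so that it does not appear in the process list.

# Hex SHA-256 of a PEM public key read from stdin, normalised through DER.
pub_digest() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# p12_audit FILE: prints "index match=yes|no sign=yes|no|unset subject" for each
# certificate; returns 0 only if a certificate matching the key is allowed to sign.
p12_audit() {
    p12=$1; ok=1
    tmp=$(mktemp -d) || return 2
    key_pub=$(openssl pkcs12 -in "$p12" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
              openssl pkey -pubout 2>/dev/null || true)
    if [ -z "$key_pub" ]; then
        echo "cannot read private key from $p12" >&2; rm -rf "$tmp"; return 2
    fi
    key_id=$(printf '%s\n' "$key_pub" | pub_digest)
    # One PEM file per certificate bag, numbered in the order they are stored.
    openssl pkcs12 -in "$p12" -nokeys -passin env:P12_PASS 2>/dev/null |
        awk -v d="$tmp" '/BEGIN CERTIFICATE/{n++; p=1}
                         p{print > (d "/" n ".pem")}
                         /END CERTIFICATE/{p=0}'
    i=1
    while [ -f "$tmp/$i.pem" ]; do
        c="$tmp/$i.pem"
        cert_id=$(openssl x509 -in "$c" -noout -pubkey | pub_digest)
        # The line after "X509v3 Key Usage" lists the permitted usages.
        ku=$(openssl x509 -in "$c" -noout -text |
             awk '/X509v3 Key Usage/{getline; print}')
        match=no; [ "$cert_id" = "$key_id" ] && match=yes
        case $ku in
            "")                    sign=unset ;;  # no extension: usage not restricted
            *"Digital Signature"*) sign=yes ;;
            *)                     sign=no ;;
        esac
        [ "$match" = yes ] && [ "$sign" != no ] && ok=0
        echo "$i match=$match sign=$sign $(openssl x509 -in "$c" -noout -subject)"
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $ok
}
```

A bundle whose first listed certificate shows match=no is the situation the message suspects: a loader that takes the first certificate without comparing it to the key would present the wrong one.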




