Re: [Help-gnutls] Key usage violation in certificate
From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] Key usage violation in certificate
Date: Tue, 04 Nov 2008 08:25:50 +0200
User-agent: Thunderbird 2.0.0.17 (X11/20080925)

Kevin P. Fleming wrote:
> Nikos Mavrogiannopoulos wrote:
>
>> It seems gnutls fails because the (client) certificate it uses for
>> authentication doesn't support signing (and TLS client certificates
>> must support it).
>>
>> Check (with certtool -i) if the client certificate contains the
>> following lines:
>>
>> Key Usage (critical):
>> Digital signature.
>
> Yes, I used openssl's pkcs12 command to extract the cert from the .p12
> file that it lives in, then used 'certtool -i --infile cert.pem', and
> this is the output:

Could it be then that libneon selected a wrong certificate from the
pkcs12 file? Does it use gnutls_certificate_set_x509_simple_pkcs12_file()?

I quickly glanced at gnutls_certificate_set_x509_simple_pkcs12_file() and
it looks very simple, so it might add the first certificate no matter if it
corresponds to the key. In that case it is a gnutls bug and will be
fixed. (Workaround: use a single certificate in the pkcs12 file.)

regards,
Nikos
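
The check discussed in this message (which certificate in a PKCS#12 bundle actually belongs to the private key, and whether its Key Usage includes Digital signature), as an added example that is not part of the original thread. It uses the openssl command line; the function name `p12_matching_cert` and its arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. The function name, file names and
# password are assumptions chosen for illustration.

# p12_matching_cert BUNDLE PASSWORD
# Prints the subject and key-usage status of every certificate in BUNDLE whose
# public key equals the public half of the bundle's private key.
# Returns 0 if a match exists, 1 if none, 2 if the bundle cannot be read.
p12_matching_cert() {
    p12=$1 pass=$2 rc=1
    tmp=$(mktemp -d) || return 2

    # Public half of the private key stored in the bundle.
    if ! openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
            openssl pkey -pubout >"$tmp/key.pub" 2>/dev/null; then
        rm -rf "$tmp"; return 2
    fi

    # Write each certificate in the bundle to its own file, in bundle order.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys 2>/dev/null |
        awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; f = d "/cert" n ".pem" }
                         f { print > f }
                         /-----END CERTIFICATE-----/ { close(f); f = "" }'

    for c in "$tmp"/cert*.pem; do
        [ -f "$c" ] || continue
        openssl x509 -in "$c" -noout -pubkey >"$tmp/c.pub" 2>/dev/null || continue
        cmp -s "$tmp/key.pub" "$tmp/c.pub" || continue   # not the key's certificate

        openssl x509 -in "$c" -noout -subject
        ku=$(openssl x509 -in "$c" -noout -text | grep -A1 'X509v3 Key Usage' || true)
        case $ku in
            '')                    echo "keyUsage: extension absent" ;;
            *'Digital Signature'*) echo "keyUsage: digitalSignature set" ;;
            *)                     echo "keyUsage: digitalSignature NOT set" ;;
        esac
        rc=0
    done
    rm -rf "$tmp"
    return $rc
}
```

If the subject printed here differs from the certificate the TLS client presents, the bundle contains extra certificates and the wrong one is being selected.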