[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fatal error: Key usage violation in certificate has been detected
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: Fatal error: Key usage violation in certificate has been detected |
Date: |
Sat, 24 Oct 2009 04:11:42 +0300 |
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Daniel Kahn Gillmor wrote:
>> And if it is the case (and I think that it IS the case), which possibles
>> workarounds exist ?
>
> Maybe there's a GnuTLS priority string you can set to disable usage flag
> checking as a workaround? if there is, i couldn't find it here:
>
>
> http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_priority_set
>
> seems like they should reall use a certificate with the right usage
> flags set, though.
I can see that the certificate allow:
X509v3 Key Usage:
Key Encipherment
and that means it will issue key usage violation for all ciphersuites
except for RSA (not even DHE-RSA, just RSA). Thus the server sending
this certificate must be configured to disable all other ciphersuites.
regards,
Nikos