Re: Fatal error: Key usage violation in certificate has been detected

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fatal error: Key usage violation in certificate has been detected

From:	Nikos Mavrogiannopoulos
Subject:	Re: Fatal error: Key usage violation in certificate has been detected
Date:	Sat, 24 Oct 2009 04:11:42 +0300
User-agent:	Thunderbird 2.0.0.23 (X11/20090817)

Daniel Kahn Gillmor wrote:

>> And if it is the case (and I think that it IS the case), which possibles 
>> workarounds exist ?
> 
> Maybe there's a GnuTLS priority string you can set to disable usage flag
> checking as a workaround?  if there is, i couldn't find it here:
> 
>  
> http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_priority_set
> 
> seems like they should reall use a certificate with the right usage 
> flags set, though.

I can see that the certificate allow:
            X509v3 Key Usage:
                Key Encipherment

and that means it will issue key usage violation for all ciphersuites
except for RSA (not even DHE-RSA, just RSA). Thus the server sending
this certificate must be configured to disable all other ciphersuites.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

Fatal error: Key usage violation in certificate has been detected, Goffredo Baroncelli, 2009/10/23
- Re: Fatal error: Key usage violation in certificate has been detected, Daniel Kahn Gillmor, 2009/10/23
  - Re: Fatal error: Key usage violation in certificate has been detected, Nikos Mavrogiannopoulos <=

Prev by Date: Re: Fatal error: Key usage violation in certificate has been detected
Next by Date: Re: TLS 1.2 server
Previous by thread: Re: Fatal error: Key usage violation in certificate has been detected
Next by thread: gnutls 2.8.5 release candidate: please test!
Index(es):
- Date
- Thread