Problem with DSA key signed CSRs

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem with DSA key signed CSRs

From:	Timo Gerke
Subject:	Problem with DSA key signed CSRs
Date:	Mon, 28 Jun 2010 17:52:16 +0200
User-agent:	Mozilla-Thunderbird 2.0.0.24 (X11/20100328)

Dear List,

I think I've discoverd an other bug.
Then I generate a CSR signed with an DSA key an verify the request
with openssl the verification fails.
I did:

a.1) certtool -p --dsa --disable-quick-random --outfile dsakey.pem
a.2) certtool --to-p8  --pkcs-cipher aes-256 --load-privkey dsakey.pem 
--outfile dsakey.p8
b) certtool -8q --load-privkey --load-privkey dsakey.pem --outfile newreq.pem 
c) openssl req -verify -noout -in newreq.csr

Error message is:
2936:error:0A071066:dsa routines:DSA_do_verify:bad q value:dsa_ossl.c:309:
2936:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:168:

I used gnutls 2.10.0 and openssl 0.9.8g.
BTW the format autodectetion of certtool seems not to work properly.

regards,
Timo

[Prev in Thread]

Current Thread

[Next in Thread]

Problem with DSA key signed CSRs, Timo Gerke <=
- Re: Problem with DSA key signed CSRs, Nikos Mavrogiannopoulos, 2010/06/28
  - Re: Problem with DSA key signed CSRs, Timo Gerke, 2010/06/29
    - Re: Problem with DSA key signed CSRs, Nikos Mavrogiannopoulos, 2010/06/30

Prev by Date: Re: certtool: --pkcs-cipher option not working
Next by Date: Re: Problem with DSA key signed CSRs
Previous by thread: certtool: --pkcs-cipher option not working
Next by thread: Re: Problem with DSA key signed CSRs
Index(es):
- Date
- Thread