help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] Re: Key usage violation in certificate

From: Daniel Kahn Gillmor
Subject: Re: [Help-gnutls] Re: Key usage violation in certificate
Date: Mon, 01 Jun 2009 16:41:37 -0400
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103) 
On 05/30/2009 07:05 PM, Roland Winkler wrote:

>               Unknown extension 2.16.840.1.113730.1.13 (not critical):
>                       ASCII: .!YaST Generated Server Certificate
>                       Hexdump: 
> 1621596153542047656e65726174656420536572766572204365727469666963617465
 [...]
>               Key Usage (not critical):
>                       Key encipherment.

this looks to have been created by YaST, and it seems to be set up
oddly: RFC 5280 suggests that the keyUsage extension SHOULD be critical,
and if the service was configured (maybe also by YaST), it should maybe
have been configured to match.

I've opened https://bugzilla.novell.com/show_bug.cgi?id=508844 to
suggest that YaST should behave differently.  Roland, if you can follow
up there with more details about how the cert in question was created
and how the service was configured, we might be able to prevent this
from tripping up other folks in the future.

Regards,

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]