[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Generating EC keys with certtool
From: |
Fabrice Gautier |
Subject: |
Re: Generating EC keys with certtool |
Date: |
Thu, 10 Nov 2011 12:59:28 -0800 |
On Thu, Nov 10, 2011 at 12:08 PM, Nikos Mavrogiannopoulos
<address@hidden> wrote:
> On 11/10/2011 08:58 PM, Nikos Mavrogiannopoulos wrote:
>
>>>> What do you mean verify a CSR? Verify the self signature? That is being
>>>> done automatically when it is signed.
>>> Ah yes, I see that. Openssl has a command to verify without signing.
>>> The reason I'm not using certtool to generate the request is that I
>>> already had a script to generate certs using openssl. The only reason
>>> I used certtool for the key was that gnutls does not read openssl ec
>>> keys (Thats the issue I reported a few days ago).
>>> After investigating, it appears that the problem lies in gnutls
>>> generating a bad EC key on the BAD system. Both gnutls and openssl (on
>>> both GOOD and BAD systems) will happily generate a CSR using that bad
>>> key, but both will fail the verification when trying to sign the CSR.
>> Can you send me that (bad) key? What kind of system is the BAD system?
>
> I just noticed it was attached. It is indeed incorrect. Did you run
> "make check" on the gnutls source on that system? Could you provide
> information about the CPU (32-bit/64-bit, endianness etc.).
>
The bad systems are a MacBook Pro (Intel Core i7 / MacBokPro6,2) and a
Mac Pro (Quad-Core Intel Xeon / MacPro4,1), both running Snow Leopard
(10.6.8)
Those are using gnutls 3.0.7
Those register as x86_64-apple-darwin10.8.0
The good system is an iMac (Intel Core i7 / iMac12,2) running Lion (10.7.2)
This is with gnutls 3.0.5
This one register as x86_64-apple-darwin11.2.0
I had to disable assembly and hardware acceleration for nettle and
gnutls because assembly would not compile.
make check failed in all cases with "../gl/getopt.h:197: error:
redefinition of 'struct option'"
-- Fabrice
- Generating EC keys with certtool, Fabrice Gautier, 2011/11/10
- Re: Generating EC keys with certtool, Nikos Mavrogiannopoulos, 2011/11/10
- Re: Generating EC keys with certtool, Fabrice Gautier, 2011/11/10
- Re: Generating EC keys with certtool, Fabrice Gautier, 2011/11/10
- Re: Generating EC keys with certtool, Nikos Mavrogiannopoulos, 2011/11/10
- Re: Generating EC keys with certtool, Fabrice Gautier, 2011/11/10
- Re: Generating EC keys with certtool, Nikos Mavrogiannopoulos, 2011/11/10
- Re: Generating EC keys with certtool, Nikos Mavrogiannopoulos, 2011/11/10
- Re: Generating EC keys with certtool,
Fabrice Gautier <=
- Re: Generating EC keys with certtool, Fabrice Gautier, 2011/11/10
- Re: Generating EC keys with certtool, Nikos Mavrogiannopoulos, 2011/11/10
- Re: Generating EC keys with certtool, Fabrice Gautier, 2011/11/11
- RE: Generating EC keys with certtool, Hoyt, David, 2011/11/11
- Re: Generating EC keys with certtool, Nikos Mavrogiannopoulos, 2011/11/10