[gnutls-dev] [solved?] _gnutls_x509_cert2gnutls_cert fails on FreeBSD

Gergely Nagy algernon@bonehunter.rulez.org
Wed Apr 23 11:45:02 2003


Interestingly enough, I grabbed the 0.8.6 sources from ftp.gnutls.org,
compiled it like this:

./configure --prefix=/usr/local/gnutls8
$EDITOR lib/gnutls_int.h (#define DEBUG and X509_DEBUG)
make && make install

Then linked my app to it, and it worked *duh*:

(gdb) run -p 443 -o ssl
Starting program: /tmp/thy/thy-0.4.329/src/thy -p 443 -o ssl
X509_EXT: CERT[iluvatar.ath.cx]: Unsupported Extension: 2 5 29 35, FALSE
X509_EXT: CERT[iluvatar.ath.cx]: Unsupported Extension: 2 16 840 1 113730 1 13, FALSE
X509_EXT: CERT[iluvatar.ath.cx]: Unsupported Extension: 2 5 29 35, FALSE

I could even connect to it with the fresly compile gnutls-cli, and it
worked like a charm. With the one from the FreeBSD ports, the client
died with an ASN.1 parse alert, and the server reported a failed
handshake.

Compiling from FreeBSD ports still doesn't work, though they don't have
any kind of relevant patch - just one to configure, which is harmless.

If there is anything more I can try, please tell, I'd really like to
track this down..

Cheers,
-- 
Gergely Nagy