[gnutls-dev] libgnutls failes to parse OpenSSL generated certificates
max at duempel.org
Wed Dec 20 13:53:09 CET 2006
libgnutls refuses to parse the subject of certificates created by
OpenSSL which have a userid attribute in their subject, i.e. oid
0.9.2342.19200300.100.1.1. Output of "certtool -i":
|<1>| Found OID: '0.9.2342.19200300.100.1.1' with value
get_dn: ASN1 parser: Error in TAG.
gnutls generates certificates with an "ia5String" uid, while OpenSSL
generates a "printableString". The latter violates gnutls'
lib/pkix.asn which states:
-- LDAP stuff
-- may not be correct
ldap-UID ::= IA5String
Which is indeed not correct. ldap-UID should be a DirectoryString.
More information about the Gnutls-devel