[Bug 446392] New: SSL error: Key usage violation
jorton at redhat.com
Wed May 14 16:20:20 CEST 2008
I'm about to go on holiday so won't be able to look into this myself for
a week or so; Fedora 9 ships with GnuTLS 2.0.4, but I can reproduce this
with the slightly stale git checkout I had lying around, so I'd suspect
this is a GnuTLS cert validation bug?
$ ./bin/gnutls-cli svn.eionet.europa.eu
Connecting to '126.96.36.199:443'...
*** Fatal error: Key usage violation in certificate has been detected.
*** Handshake has failed
----- Forwarded message from bugzilla at redhat.com -----
From: bugzilla at redhat.com
To: jorton at redhat.com
Date: Wed, 14 May 2008 09:21:21 -0400
Subject: [Bug 446392] New: SSL error: Key usage violation
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: SSL error: Key usage violation
AssignedTo: jorton at redhat.com
QAContact: extras-qa at fedoraproject.org
Estimated Hours: 0.0
Description of problem: Doing 'svn update' to SSL-enabled http server with
selfsigned certificate generate error message: SSL error: Key usage violation in
certificate has been detected.
Version-Release number of selected component (if applicable):
svn co https://svn.eionet.europa.eu/repositories/Zope/trunk/Localizer
It is a public SVN repository
Steps to Reproduce:
1. svn co https://svn.eionet.europa.eu/repositories/Zope/trunk/Localizer
svn: PROPFIND request failed on '/repositories/Zope/trunk/Localizer'
svn: PROPFIND of '/repositories/Zope/trunk/Localizer': SSL negotiation failed:
SSL error: Key usage violation in certificate has been detected.
Localizer product checked out
The certificate for svn.eionet.europa.eu has the X509v3 Key Usage set to: Key
Encipherment, which is normal for SSL servers.
The svn.eionet.europa.eu has been in use for years, about two years with the
current certificate, and no such issue has arisen before.
In case you need to take a look. The certificate is signed with this CA:
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
----- End forwarded message -----
More information about the Gnutls-devel