[sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs
Michael Rommel
INVALID.NOREPLY at gnu.org
Wed Dec 8 22:26:38 CET 2010
Follow-up Comment #11, sr #107540 (project gnutls):
Hello,
during debugging, I tried to apply the same patch in a second location for
the SignatureAlgorithm just after the Subject:
Line 1181 in lib/x509/common.c
/* result = asn1_write_value (dst, name, NULL, 0); */
result = asn1_write_value (dst, name, "x05x00", 2);
This turned out to work. Now the certificate is accepted and displayed for
acceptance.
RFC3279 states:
The ASN.1 object identifier used to identify this signature algorithm is:
sha-1WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 5 }
When any of these three OIDs appears within the ASN.1 type
AlgorithmIdentifier, the parameters component of that type SHALL be the ASN.1
type NULL.
It might be, that these two insertations are needed to conform to the
RFC3279.
Hopefully this does not break anything else.
Michael.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107540>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the Gnutls-devel
mailing list