[gnutls-devel] error: certificate policies import: ASN1 parser: Error in DER parsing

Tim Ruehsen tim.ruehsen at gmx.de
Thu Feb 11 15:25:18 CET 2016


On Debian SID (amd64), I recognize a ASN1 error with

$ gnutls-cli -V outlook.office365.com           
...
error: certificate policies import: ASN1 parser: Error in DER parsing.
...

$ gnutls-cli --version
gnutls-cli 3.4.9

I am not sure if it is a GnuTLS issue or if it is an underlying library 
(libtasn ?) or whatever.

Any idea ?

Regards, Tim


Processed 172 CA certificate(s).
Resolving 'outlook.office365.com'...
Connecting to '132.245.61.226:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 5a00020e4289e78c6958489ec1000100020e42
        Issuer: C=US,ST=Washington,L=Redmond,O=Microsoft 
Corporation,OU=Microsoft IT,CN=Microsoft IT SSL SHA2
        Validity:
                Not Before: Tue Oct 13 22:20:04 UTC 2015
                Not After: Thu Oct 12 22:20:04 UTC 2017
        Subject: C=US,ST=WA,L=Redmond,O=Microsoft Corporation,OU=Microsoft 
Corporation,CN=outlook.com
        Subject Public Key Algorithm: RSA
        Algorithm Security Level: Medium (2048 bits)
                Modulus (bits 2048):
                        00:e4:ff:c7:ed:b8:dd:9c:1f:a8:b9:17:12:3f:0a:cb
                        ee:20:b4:b2:f0:6d:9e:3a:49:db:41:2d:f6:16:6e:79
                        ba:8b:32:76:4e:e8:02:58:a4:bf:88:3c:07:da:e8:1e
                        46:b9:4a:fe:ea:06:d6:9f:f6:90:c5:75:1e:18:c7:72
                        e0:a9:26:65:fe:e9:58:76:94:e5:54:54:9b:69:87:a1
                        43:1c:7a:09:9c:d7:9a:14:b0:93:d7:1e:07:a4:b1:9a
                        a1:cf:e9:77:93:8f:f2:7f:ad:b0:04:bc:4a:10:37:ad
                        a8:fe:42:14:f6:1b:97:d1:a3:f1:ef:83:6d:85:4d:87
                        57:cf:58:b4:7b:93:27:57:39:b8:f7:fd:be:c3:7b:b4
                        04:d1:72:02:98:80:f4:16:f4:4b:ca:db:d6:23:f5:9f
                        1b:a0:42:9a:9b:48:26:9b:55:a2:f1:11:91:7c:a7:6d
                        62:35:7d:bc:a4:c1:68:d2:f1:bf:85:b5:be:45:7c:78
                        6e:25:86:ab:29:6b:d1:1e:8d:4c:2e:f9:3b:0f:6f:59
                        3e:5b:c7:47:03:2d:d2:ab:fc:9f:25:59:88:18:0b:fb
                        86:bf:75:85:67:50:02:aa:45:a0:44:77:78:d9:99:fe
                        1d:9f:51:c5:e6:41:77:b2:c6:bc:8d:b0:1f:8b:9b:78
                        e7
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Key Usage (not critical):
                        Digital signature.
                        Key encipherment.
                        Data encipherment.
                Key Purpose (not critical):
                        TLS WWW Server.
                        TLS WWW Client.
                Unknown extension 1.2.840.113549.1.9.15 (not critical):
                        ASCII: 
0i0...*.H.........0...*.H.........0...`.H.e...*0...`.H.e...-0...`.H.e....0...`.H.e....0...
+....0...*.H.....
                        Hexdump: 
3069300e06082a864886f70d030202020080300e06082a864886f70d030402020080300b060960864801650304012a300b060960864801650304012d300b0609608648016503040102300b0609608648016503040105300706052b0e030207300a06082a864886f70d0307
                Subject Key Identifier (not critical):
                        9db0981c245ad49ded5153c4d7f6bab18d7b900f
                Authority Key Identifier (not critical):
                        51af24269cf468225780262b3b4662157b1ecca5
                CRL Distribution points (not critical):
                        URI: 
http://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl
                        URI: 
http://crl.microsoft.com/pki/mscorp/crl/msitwww2.crl
                Authority Information Access (not critical):
                        Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                        Access Location URI: 
http://www.microsoft.com/pki/mscorp/msitwww2.crt
                        Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
                        Access Location URI: http://ocsp.msocsp.com
error: certificate policies import: ASN1 parser: Error in DER parsing.
                Unknown extension 1.3.6.1.4.1.311.21.10 (not critical):
                        ASCII: 0.0...+.......0...+.......
                        Hexdump: 
3018300a06082b06010505070301300a06082b06010505070302
                Subject Alternative Name (not critical):
                        DNSname: outlook.com
                        DNSname: *.outlook.com
                        DNSname: office365.com
                        DNSname: *.office365.com
                        DNSname: *.live.com
                        DNSname: *.internal.outlook.com
                        DNSname: *.outlook.office365.com
                        DNSname: outlook.office.com
                        DNSname: attachment.outlook.office.net
                        DNSname: attachment.outlook.officeppe.net
                        DNSname: *.office.com
        Signature Algorithm: RSA-SHA256
        Signature:
                0d:4c:9c:84:be:af:71:b2:88:98:e0:db:e6:6c:c7:ba
                bd:e3:3e:3c:a2:f4:50:26:a2:06:eb:f7:3b:51:4c:ca
                ea:d1:05:90:87:a9:00:37:cb:b3:32:3e:cb:87:58:1b
                b1:8f:d6:3f:5e:e8:ad:9a:d5:2b:45:db:fb:44:8c:5d
                b5:20:0e:8d:4b:f2:13:88:e1:57:a1:2b:4b:41:9e:13
                23:54:9b:dc:82:10:a0:e7:96:72:1b:58:7f:62:88:41
                76:2f:40:9b:ad:5a:ec:e9:d6:07:11:50:7d:f1:b8:7c
                4a:af:e4:c5:94:88:9c:5a:a4:1c:72:70:58:cd:4a:95
                76:6f:76:22:19:47:a9:d8:d3:e2:42:88:62:33:c3:5c
                4c:be:18:c7:a1:f7:e8:76:09:50:20:8a:db:2e:64:77
                d5:2f:d5:7c:8a:4d:ed:ae:48:7a:a6:b1:a8:b5:c6:bf
                25:9d:3a:70:aa:fb:09:62:ff:63:3d:33:34:a9:23:be
                f4:c5:fe:92:7a:9b:85:2f:92:e8:52:26:86:99:61:4e
                11:8f:78:e3:5a:a8:f5:22:b3:fa:a4:3b:1c:f7:d6:1d
                e4:79:14:4a:45:2a:e3:13:7c:ca:10:ee:30:31:0a:51
                0f:c8:8d:14:f1:d7:39:d6:2f:34:c4:2f:06:5e:46:f0
                e4:da:de:31:5c:52:48:b0:6c:66:f2:3d:5a:2f:bf:8e
                c5:7c:6b:a4:ce:e1:0f:bd:68:99:06:b1:35:af:b8:9d
                85:2e:04:37:8f:a7:fd:40:73:fc:fb:4b:61:0f:81:10
                bf:18:c2:7f:50:d7:0a:7c:3f:c7:6a:df:28:d4:03:fb
                61:3e:d1:60:5e:c6:4a:a4:b1:70:41:8a:56:17:24:e5
                80:1a:42:c6:e3:8c:d7:6b:c7:c3:77:5a:8d:2a:be:ef
                c1:bc:94:46:53:bf:52:bd:68:09:00:47:e9:6d:01:63
                a8:5d:f1:d4:d4:7e:9a:51:2b:89:3b:ae:8e:a0:1e:85
                7f:10:61:d4:f0:28:d2:cc:25:21:79:66:27:24:18:d0
                a2:fa:49:41:01:dd:64:9a:f4:dd:63:7c:1f:dc:a6:0b
                05:07:d4:56:48:1a:d5:e2:e8:aa:65:ab:3c:b1:58:87
                3f:10:14:b1:7f:18:d8:8b:90:04:48:82:e0:0c:65:5e
                fb:bd:cd:07:97:d5:21:37:6c:32:12:70:6b:7e:39:8e
                75:92:83:ff:76:c8:32:15:b5:97:8f:68:0a:4c:61:16
                48:b7:10:3f:71:34:f0:f4:c4:40:4f:5b:bd:9b:c7:41
                f2:62:9e:c2:87:fd:6c:dd:76:51:fc:87:c5:68:a0:c1
Other Information:
        SHA1 fingerprint:
                a0476c0c30347a7a159a9ff50bcdbc84bdd3d166
        SHA256 fingerprint:
                a1c0266559141b2e70d6c65e1554b216ac7bd3b49f5fb06fc84a2c4cb964ef7a
        Public Key ID:
                8d168ddb5c566672875f2829029291c58867fbb4
        Public key's random art:
                +--[ RSA 2048]----+
                |   .oBo.    ..=o.|
                |  . *.. .o. o*o..|
                |   o .  o...o. ..|
                |    . .  B o    .|
                |     o .S +      |
                |      E.         |
                |                 |
                |                 |
                |                 |
                +-----------------+


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160211/a3473a7c/attachment-0001.sig>


More information about the Gnutls-devel mailing list