[gnutls-devel] GnuTLS | testcompat-main-openssl fails - 140270991812416:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310: (#572)

Sat Sep 22 18:08:04 CEST 2018

New Issue was created.

Issue 572: https://gitlab.com/gnutls/gnutls/issues/572
Author:    Andreas Metzler
Assignee:  

Hello,

with current GIT master ./testcompat-openssl.sh fails on Debian/sid (openssl 1.1.1-1), debugging I found that openssl throws an error in line 207
```
launch_bare_server $$ s_server -cipher "ALL" -quiet -www -accept "${PORT}" -keyform pem -certform pem -tls1 ${OPENSSL_DH_PARAMS_OPT} -key "${RSA_KEY}" -cert "${RSA_CERT}" -dkey "${DSA_KEY}" -dcert "${DSA_CERT}" -Verify 1 -CAfile "${CA_CERT}" >/dev/null 2>&1
```
Running manually shows the error:
```
(sid)ametzler at argenau:/tmp/GNUTLS/gnutls.git/tests/suite$ openssl s_server -cipher ALL -quiet -www -accept 35263 -keyform pem -certform pem -tls1 -key ./../../doc/credentials/x509/key-rsa.pem -cert ./../../doc/credentials/x509/cert-rsa.pem -dkey ./../cert-tests/data/dsa.1024.pem -dcert ./../cert-tests/data/cert.dsa.1024.pem -Verify 1 -CAfile ./../../doc/credentials/x509/ca.pem
error setting certificate
140207746884032:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:
(sid)ametzler at argenau:/tmp/GNUTLS/gnutls.git/tests/suite$ echo $?
1
```

Shouldn't launch_bare_server test whether the command threw an error, BTW?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/572
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180922/0ebc62eb/attachment.html>