[gnutls-devel] GnuTLS | Valid CA certificate rejected by GnuTLS (#693)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Feb 4 21:21:38 CET 2019

Thanks for the report. Just build your example and...
gnutls[2]: Enabled GnuTLS 3.6.5 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: unable to access: /etc/gnutls/default-priorities: 2
gnutls[2]: signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm: 1.2.840.113549.1.1.5, 1.2.840.113549.1.1.12
gnutls[3]: ASSERT: x509.c[compare_sig_algorithm]:328
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_import]:562
gnutls[3]: ASSERT: x509.c[gnutls_x509_crt_list_import]:3797
gnutls[3]: ASSERT: verify-high2.c[gnutls_x509_trust_list_add_trust_mem]:92
GnuTLS processed -43 roots

Looks like GnuTLS is too pedantic for this cert: `signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm`.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/693#note_138165019
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190204/b36b9c0f/attachment.html>

More information about the Gnutls-devel mailing list