[gnutls-devel] GnuTLS | certtool --generate-self-signed returns crt_sign: ASN1 parser: Value is not valid. (#1144)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Feb 20 13:24:40 CET 2021




Samuel Harmer commented:


Seeing this issue (via [msmtp](https://github.com/marlam/msmtp-mirror/issues/43)).

```
FreeBSD clang version 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
Target: x86_64-unknown-freebsd12.2
Thread model: posix
InstalledDir: /usr/bin
```

* [GnuTLS 3.6.15](https://www.freshports.org/security/gnutls/) (using package/[r547781](https://svnweb.freebsd.org/changeset/ports/547781))
* [libtasn1 4.16.0_1](https://www.freshports.org/security/libtasn1/) (using package/[r561219](https://svnweb.freebsd.org/changeset/ports/561219))

`certtool -i --infile=smtp-relay.gmail.com.txt` with [smtp-relay.gmail.com.txt](/uploads/234458182f2a41e43bce1c6a6716a150/smtp-relay.gmail.com.txt)

```
X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 0f40f2bf1a5ccc580300000000cb4080
        Issuer: CN=GTS CA 1O1,O=Google Trust Services,C=US
        Validity:
                Not Before: Tue Jan 26 09:05:20 UTC 2021
                Not After: Tue Apr 20 09:05:19 UTC 2021
        Subject: CN=smtp-relay.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
        Subject Public Key Algorithm: EC/ECDSA
        Algorithm Security Level: High (256 bits)
                Curve:  SECP256R1
                X:
                        20:b0:68:e8:19:95:b3:01:03:d5:42:a2:a8:38:86:e5
                        65:3d:9f:2b:e5:1c:c3:fe:3b:93:69:9d:af:27:50:8b
                Y:
                        25:f3:66:ce:f1:26:99:ec:83:45:b6:ee:4e:3e:42:77
                        3a:81:e5:23:47:ea:8e:e4:1a:12:fd:b4:ac:b2:60:4d
        Extensions:
                Key Usage (critical):
                        Digital signature.
                Key Purpose (not critical):
                        TLS WWW Server.
                Basic Constraints (critical):
                        Certificate Authority (CA): FALSE
                Subject Key Identifier (not critical):
                        360be30736691791a438eef83b0812d489d53510
                Authority Key Identifier (not critical):
                        98d1f86e10ebcf9bec609f18901ba0eb7d09fd2b
                Authority Information Access (not critical):
                        Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
                        Access Location URI: http://ocsp.pki.goog/gts1o1core
                        Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
                        Access Location URI: http://pki.goog/gsr2/GTS1O1.crt
                Subject Alternative Name (not critical):
                        DNSname: smtp-relay.gmail.com
                Certificate Policies (not critical):
                        2.23.140.1.2.2 (CA/B Organization Validated)
                        1.3.6.1.4.1.11129.2.5.3
                CRL Distribution points (not critical):
                        URI: http://crl.pki.goog/GTS1O1core.crl
                Unknown extension 1.3.6.1.4.1.11129.2.4.2 (not critical):
                        ASCII: ......v.D.e......@....(.......1.?.3........w>'.O.....G0E.!..E..O.s.3.....i.7.UR..........7.. i.Wv@.3/.....2k.K.}n.x..Y...D-Zb.v..\./.w0".T..0.V..M..3.../ ..N.d....w>'.......G0E. T....-.Y..H....b+8..=..t..x......!....,... .......|s.gF...:........
                        Hexdump: 0481f200f00076004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a8000001773e27a14f0000040300473045022100ef4503b24fbb73e23309c2b983b9698337945552d6c11bb9d4c38711028137fe022069e2577640af332fc984acd81a326bac4bef7d6e8c78c1165900f5d9442d5a62007600f65c942fd1773022145418083094568ee34d131933bfdf0c2f200bcc4ef164e3000001773e27a11e0000040300473045022054d6a28ef22d0a59f3da48adf2a21a622b38d1143d991974d70a78f79c1095ac022100828fac2c08ada820c8f70a998c84fb7c73946746b883d13a00b886e1bb041d83
        Signature Algorithm: RSA-SHA256
        Signature:
                51:bd:cf:2b:d3:08:ee:5a:68:6b:00:76:b3:31:dc:cc
                36:ed:c3:d3:6c:16:42:7a:15:9e:95:e3:f3:e1:a3:67
                4b:ae:f7:d5:bf:6f:ff:eb:10:98:0c:ee:3b:f8:61:1a
                d8:80:c6:00:f3:40:eb:54:15:61:7f:c3:de:7e:1b:a7
                66:93:c4:69:1e:e5:b1:bd:40:54:51:5a:32:cd:a6:29
                08:b8:bd:15:4f:ac:0d:2d:51:b4:79:e0:77:85:e4:2d
                0e:75:12:cc:70:da:b9:6e:51:e7:52:6d:53:75:1f:8e
                b4:38:3e:73:2d:29:1f:1c:3a:3a:0b:e3:cd:3f:79:5a
                c4:07:b4:7a:80:fe:b5:bc:0b:72:0f:d0:38:11:ad:aa
                21:81:3e:96:dc:c0:5d:e1:f1:9a:7d:76:21:b5:dc:7c
                80:66:b5:89:90:e6:c1:c7:8f:3c:13:08:f1:56:99:4a
                77:4e:d0:d8:f1:7f:c3:93:87:b8:e4:85:27:71:c8:9c
                1f:e5:64:16:2d:dd:cc:58:5b:c6:32:24:82:59:92:66
                19:6b:3e:17:d4:8c:d9:6c:20:e7:e7:39:07:bc:1f:dc
                8f:0d:3f:e1:53:9f:5e:7d:c0:da:8e:06:be:37:2a:54
                b6:47:06:90:a3:72:b2:f2:b2:42:4a:95:6e:e1:1d:b4
Other Information:
        Fingerprint:
error: get_fingerprint: ASN1 parser: Value is not valid.
        Public Key ID:
                sha1:1c2919c88f95eee4b06fbc8274ab22306e1039c4
                sha256:f7616f387c0ac33eb8b323cacd4638ef9aa8d2e1705fd1de53f4d88685a431e0
        Public Key PIN:
                pin-sha256:92FvOHwKwz64syPKzUY475qo0uFwX9HeU/TYhoWkMeA=
```

[objdump_-p_certtool.txt](/uploads/b8db1b62abb8163b3aa58e8a029496f8/objdump_-p_certtool.txt)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1144#note_513549011