[gnutls-devel] GnuTLS | certtool --generate-self-signed returns crt_sign: ASN1 parser: Value is not valid. (#1144)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Jan 7 20:12:21 CET 2021



Eirik Øverby created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1144



## Description of problem:
When using `--generate-privkey` with subsequent `--generate-self-signed`, certtool returns
`crt_sign: ASN1 parser: Value is not valid.`

## Version of gnutls used:
gnutls-3.6.15

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
FreeBSD (official package repos for 12.2, and self-built for 12.2 and CURRENT)

## How reproducible:
Every time

## Steps to Reproduce:

 * `echo "cn = localhost" > foo`
 * `certtool --generate-privkey --outfile key.pem`
 * `certtool --generate-self-signed --load-privkey key.pem --template foo --outfile cert.pem`

## Actual results:
Adding -d 9999 -VVVVV, we get:

```
Generating a 3072 bit RSA private key...
Setting log level to 9999
Generating a self signed certificate...
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3995
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3945
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 1fbcd9fed9ca1aaedb8882209f96bcded324d777
	Validity:
		Not Before: Thu Jan 07 19:10:27 UTC 2021
		Not After: Fri Jan 07 19:10:27 UTC 2022
	Subject: CN=localhost
	Subject Public Key Algorithm: RSA
	Algorithm Security Level: High (3072 bits)
		Modulus (bits 3072):
			00:bd:80:78:84:48:61:ab:3b:5d:72:55:4f:af:88:9b
			17:0c:04:f9:13:b8:b1:89:d0:e2:9b:f2:dc:49:91:a5
			8f:f8:11:f0:06:40:c0:25:d5:43:a3:5b:99:fa:f6:a2
			06:00:7f:4c:c2:7c:6e:e5:3d:dd:7f:75:b9:71:83:7a
			a8:62:69:03:b1:2f:76:a1:21:bb:05:34:05:be:67:e2
			ed:be:ed:e0:c6:2f:18:7a:4e:85:97:81:50:79:9c:d9
			af:b1:ab:27:68:d1:3f:a9:94:22:ff:a8:eb:72:45:90
			c1:ac:ca:ef:c9:da:bb:2c:6d:a3:a4:f6:d1:3b:9d:bf
			d9:1a:c4:2f:2e:ed:8a:96:1c:fb:14:03:ca:8e:f5:51
			94:76:08:e0:75:d0:3d:36:ae:95:4f:56:73:4f:18:6f
			58:2b:94:01:a9:df:06:f0:c4:07:be:3e:bb:20:c6:dc
			7a:bb:6a:04:20:d4:9d:37:59:8c:47:cd:49:37:f7:cc
			18:92:4f:3c:6b:38:23:87:14:14:26:ff:98:b3:e0:9e
			a2:29:32:4f:27:1d:85:02:62:05:7d:45:a8:e4:eb:10
			dc:75:55:9a:32:d1:30:fb:a8:e2:3d:a9:05:85:38:c1
			0c:8d:c6:6d:10:3a:bc:9b:21:a9:21:c7:3a:21:be:b0
			e0:83:4c:35:44:dd:8b:4d:34:ac:18:d7:14:e6:64:fb
			43:cc:57:bd:d1:d6:85:73:16:25:e9:f0:3f:12:22:27
			51:ca:0c:85:b6:01:e1:60:4b:14:29:e3:41:0c:aa:b0
			48:c7:86:be:02:1a:36:87:b6:69:41:dd:ea:74:ee:41
			f7:2d:9e:1b:0d:c2:b9:5f:8c:d2:3a:e1:40:57:3f:2d
			51:bf:e1:12:92:ef:cb:b7:b8:05:2c:0c:e8:a9:66:1c
			b3:ea:64:90:d7:8b:24:c8:c1:e5:0f:15:94:63:46:ef
			a6:e8:9a:5f:80:34:26:b3:fc:73:fe:74:12:48:f3:83
			a7
		Exponent (bits 24):
			01:00:01
	Extensions:
		Basic Constraints (critical):
			Certificate Authority (CA): FALSE
		Subject Key Identifier (not critical):
			2d3b81b3d6373615164f93815555d2858201da81
Other Information:
	Public Key ID:
		sha1:2d3b81b3d6373615164f93815555d2858201da81
		sha256:eec2fd786efb96250a8ba29bfa132ec60aedd8e15eb650eb030a28866ef7fe60
	Public Key PIN:
		pin-sha256:7sL9eG77liUKi6Kb+hMuxgrt2OFetlDrAwoohm73/mA=



Signing certificate...
|<2>| signing structure using RSA-SHA256
|<3>| ASSERT: common.c[_gnutls_x509_der_encode]:855
|<3>| ASSERT: sign.c[_gnutls_x509_pkix_sign]:174
|<3>| ASSERT: x509_write.c[gnutls_x509_crt_privkey_sign]:1834
crt_sign: ASN1 parser: Value is not valid.
```

## Expected results:

A self-signed certificate.
