[gnutls-devel] GnuTLS | Certtool error when generating a selfsigned x25519 certificate (#1524)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Mar 1 08:44:31 CET 2024 



Iisakki Jaakkola commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1524#note_1796528096

I didn't know about this either. Here's what I get: (the potentially interesting stuff is at the last lines)

```bash
$ export GNUTLS_DEBUG_LEVEL=9                                                                                              
$ certtool --version                                                                                                      
gnutls[2]: Enabled GnuTLS 3.8.3 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: loaded system config /etc/gnutls/config mtime 1705414038
certtool 3.8.3
Copyright (C) 2000-2023 Free Software Foundation, and others
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>

Please send bug reports to:  <bugs at gnutls.org>            
$ certtool --generate-privkey --key-type=x25519 --outfile test-certificate.key
gnutls[2]: Enabled GnuTLS 3.8.3 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: loaded system config /etc/gnutls/config mtime 1705414038
Generating a 256 bit ECDH (X25519) private key...
|<3>| ASSERT: privkey.c[gnutls_x509_privkey_get_seed]:2019
|<3>| ASSERT: privkey.c[gnutls_x509_privkey_get_seed]:2019
|<3>| ASSERT: pkcs7-crypt.c[_gnutls_pkcs_flags_to_schema]:215
|<2>| Selecting default encryption PBES2_AES_256 (flags: 33).
$ certtool --generate-self-signed --load-privkey test-certificate.key --outfile test-certificate.pem                      
gnutls[2]: Enabled GnuTLS 3.8.3 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel SHA was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: loaded system config /etc/gnutls/config mtime 1705414038
Generating a self signed certificate...
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:97
|<3>| ASSERT: attributes.c[_x509_parse_attribute]:163
Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.

...skipping the questions here...

Is the above information ok? (y/N): y


Signing certificate...
|<3>| ASSERT: pubkey.c[gnutls_pubkey_get_preferred_hash_algorithm]:355
crt_get_preferred_hash_algorithm: GnuTLS internal error.
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1524#note_1796528096
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240301/89dd25ba/attachment-0001.html>

More information about the Gnutls-devel mailing list