<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/ltning">Eirik Øverby</a> created an issue <a href="https://gitlab.com/gnutls/gnutls/-/issues/1144">#1144</a>:
</p>
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">When using --generate-privkey with subsequent --generate-self-signed, certtool returns
crt_sign: ASN1 parser: Value is not valid.</p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">gnutls-3.6.15</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">FreeBSD (official package repos for 12.2, and self-built for 12.2 and CURRENT)</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">Every time</p>
<p dir="auto">Steps to Reproduce:</p>
<ul dir="auto">
<li>echo "cn = localhost" > foo</li>
<li>certtool --generate-privkey --outfile key.pem</li>
<li>certtool --generate-self-signed --load-privkey key.pem --template foo --outfile cert.pem</li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<p dir="auto">Adding -d 9999 -VVVVV, we get:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">Generating a 3072 bit RSA private key...</span>
<span id="LC2" class="line" lang="plaintext">Setting log level to 9999</span>
<span id="LC3" class="line" lang="plaintext">Generating a self signed certificate...</span>
<span id="LC4" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC5" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC6" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC7" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC8" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC9" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC10" class="line" lang="plaintext">|<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3995</span>
<span id="LC11" class="line" lang="plaintext">|<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3945</span>
<span id="LC12" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC13" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC14" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC15" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC16" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC17" class="line" lang="plaintext">|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60</span>
<span id="LC18" class="line" lang="plaintext">X.509 Certificate Information:</span>
<span id="LC19" class="line" lang="plaintext"> Version: 3</span>
<span id="LC20" class="line" lang="plaintext"> Serial Number (hex): 1fbcd9fed9ca1aaedb8882209f96bcded324d777</span>
<span id="LC21" class="line" lang="plaintext"> Validity:</span>
<span id="LC22" class="line" lang="plaintext"> Not Before: Thu Jan 07 19:10:27 UTC 2021</span>
<span id="LC23" class="line" lang="plaintext"> Not After: Fri Jan 07 19:10:27 UTC 2022</span>
<span id="LC24" class="line" lang="plaintext"> Subject: CN=localhost</span>
<span id="LC25" class="line" lang="plaintext"> Subject Public Key Algorithm: RSA</span>
<span id="LC26" class="line" lang="plaintext"> Algorithm Security Level: High (3072 bits)</span>
<span id="LC27" class="line" lang="plaintext"> Modulus (bits 3072):</span>
<span id="LC28" class="line" lang="plaintext"> 00:bd:80:78:84:48:61:ab:3b:5d:72:55:4f:af:88:9b</span>
<span id="LC29" class="line" lang="plaintext"> 17:0c:04:f9:13:b8:b1:89:d0:e2:9b:f2:dc:49:91:a5</span>
<span id="LC30" class="line" lang="plaintext"> 8f:f8:11:f0:06:40:c0:25:d5:43:a3:5b:99:fa:f6:a2</span>
<span id="LC31" class="line" lang="plaintext"> 06:00:7f:4c:c2:7c:6e:e5:3d:dd:7f:75:b9:71:83:7a</span>
<span id="LC32" class="line" lang="plaintext"> a8:62:69:03:b1:2f:76:a1:21:bb:05:34:05:be:67:e2</span>
<span id="LC33" class="line" lang="plaintext"> ed:be:ed:e0:c6:2f:18:7a:4e:85:97:81:50:79:9c:d9</span>
<span id="LC34" class="line" lang="plaintext"> af:b1:ab:27:68:d1:3f:a9:94:22:ff:a8:eb:72:45:90</span>
<span id="LC35" class="line" lang="plaintext"> c1:ac:ca:ef:c9:da:bb:2c:6d:a3:a4:f6:d1:3b:9d:bf</span>
<span id="LC36" class="line" lang="plaintext"> d9:1a:c4:2f:2e:ed:8a:96:1c:fb:14:03:ca:8e:f5:51</span>
<span id="LC37" class="line" lang="plaintext"> 94:76:08:e0:75:d0:3d:36:ae:95:4f:56:73:4f:18:6f</span>
<span id="LC38" class="line" lang="plaintext"> 58:2b:94:01:a9:df:06:f0:c4:07:be:3e:bb:20:c6:dc</span>
<span id="LC39" class="line" lang="plaintext"> 7a:bb:6a:04:20:d4:9d:37:59:8c:47:cd:49:37:f7:cc</span>
<span id="LC40" class="line" lang="plaintext"> 18:92:4f:3c:6b:38:23:87:14:14:26:ff:98:b3:e0:9e</span>
<span id="LC41" class="line" lang="plaintext"> a2:29:32:4f:27:1d:85:02:62:05:7d:45:a8:e4:eb:10</span>
<span id="LC42" class="line" lang="plaintext"> dc:75:55:9a:32:d1:30:fb:a8:e2:3d:a9:05:85:38:c1</span>
<span id="LC43" class="line" lang="plaintext"> 0c:8d:c6:6d:10:3a:bc:9b:21:a9:21:c7:3a:21:be:b0</span>
<span id="LC44" class="line" lang="plaintext"> e0:83:4c:35:44:dd:8b:4d:34:ac:18:d7:14:e6:64:fb</span>
<span id="LC45" class="line" lang="plaintext"> 43:cc:57:bd:d1:d6:85:73:16:25:e9:f0:3f:12:22:27</span>
<span id="LC46" class="line" lang="plaintext"> 51:ca:0c:85:b6:01:e1:60:4b:14:29:e3:41:0c:aa:b0</span>
<span id="LC47" class="line" lang="plaintext"> 48:c7:86:be:02:1a:36:87:b6:69:41:dd:ea:74:ee:41</span>
<span id="LC48" class="line" lang="plaintext"> f7:2d:9e:1b:0d:c2:b9:5f:8c:d2:3a:e1:40:57:3f:2d</span>
<span id="LC49" class="line" lang="plaintext"> 51:bf:e1:12:92:ef:cb:b7:b8:05:2c:0c:e8:a9:66:1c</span>
<span id="LC50" class="line" lang="plaintext"> b3:ea:64:90:d7:8b:24:c8:c1:e5:0f:15:94:63:46:ef</span>
<span id="LC51" class="line" lang="plaintext"> a6:e8:9a:5f:80:34:26:b3:fc:73:fe:74:12:48:f3:83</span>
<span id="LC52" class="line" lang="plaintext"> a7</span>
<span id="LC53" class="line" lang="plaintext"> Exponent (bits 24):</span>
<span id="LC54" class="line" lang="plaintext"> 01:00:01</span>
<span id="LC55" class="line" lang="plaintext"> Extensions:</span>
<span id="LC56" class="line" lang="plaintext"> Basic Constraints (critical):</span>
<span id="LC57" class="line" lang="plaintext"> Certificate Authority (CA): FALSE</span>
<span id="LC58" class="line" lang="plaintext"> Subject Key Identifier (not critical):</span>
<span id="LC59" class="line" lang="plaintext"> 2d3b81b3d6373615164f93815555d2858201da81</span>
<span id="LC60" class="line" lang="plaintext">Other Information:</span>
<span id="LC61" class="line" lang="plaintext"> Public Key ID:</span>
<span id="LC62" class="line" lang="plaintext"> sha1:2d3b81b3d6373615164f93815555d2858201da81</span>
<span id="LC63" class="line" lang="plaintext"> sha256:eec2fd786efb96250a8ba29bfa132ec60aedd8e15eb650eb030a28866ef7fe60</span>
<span id="LC64" class="line" lang="plaintext"> Public Key PIN:</span>
<span id="LC65" class="line" lang="plaintext"> pin-sha256:7sL9eG77liUKi6Kb+hMuxgrt2OFetlDrAwoohm73/mA=</span>
<span id="LC66" class="line" lang="plaintext"></span>
<span id="LC67" class="line" lang="plaintext"></span>
<span id="LC68" class="line" lang="plaintext"></span>
<span id="LC69" class="line" lang="plaintext">Signing certificate...</span>
<span id="LC70" class="line" lang="plaintext">|<2>| signing structure using RSA-SHA256</span>
<span id="LC71" class="line" lang="plaintext">|<3>| ASSERT: common.c[_gnutls_x509_der_encode]:855</span>
<span id="LC72" class="line" lang="plaintext">|<3>| ASSERT: sign.c[_gnutls_x509_pkix_sign]:174</span>
<span id="LC73" class="line" lang="plaintext">|<3>| ASSERT: x509_write.c[gnutls_x509_crt_privkey_sign]:1834</span>
<span id="LC74" class="line" lang="plaintext">crt_sign: ASN1 parser: Value is not valid.</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">A self-signed certificate.</p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1144">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/884bc0a6eaefda0e793438f159bc45d9/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1144"}}</script>
</p>
</div>
</body>
</html>