[Help-gnutls] Re: GnuTLS generating invalid/corrupt certificates?

Simon Josefsson simon at josefsson.org
Fri Aug 10 15:35:22 CEST 2007 

Sam Morris <sam at robots.org.uk> writes:

> So, I finally had some time to look into this. I asked on the Apple-cdsa
> mailing list[0] and recieved a reply from someone who seems to work for
> Apple[1] that indicated that the problem is with my certificate; the
> Apple crypto libraries cannot parse it for some reason.
>
>  [0] http://lists.apple.com/archives/Apple-cdsa/2007/Aug/msg00009.html
>  [1] http://lists.apple.com/archives/Apple-cdsa/2007/Aug/msg00016.html
>
> I also had problems trying to get my certificate to import into a Sony
> Ericsson K800i mobile phone. For months I assumed it was a limitation of
> the phone itself (it would only bleat, "invalid certificate" at me, and
> Sony Ericsson's tech support service was worse than useless)...
>
> ... but today I sat down and generated a root certificate with OpenSSL,
> which imported fine into both the Mac OS Keychain software, and the
> K800i phone.
>
> So my conclusion is that GnuTLS is generating invalid/corrupt
> certificates, or at least, that it is using some part of the certificate
> that other X509 implementations don't commonly implement (although my
> original certificate did function correctly with OpenSSL, NSS and
> whatever Windows uses).
>
> To double-check, I generated a new root certificate with GnuTLS 1.4.4,
> and tried to import it into the Mac OS Keychain; I had exactly the same
> problem again. The command I used was:
>
>         certtool --generate-self-signed --load-privkey private-key --template CA.cfg
>
> Whereas CA.cfg contained:
>
>         organization = "Test Org"
>         country = GB
>         cn = "Test Org certificate authority"
>         serial = 0
>         expiration_days = 1825
>         ca
>         cert_signing_key
>         ocsp_signing_key
>
> I would file a bug about this, but I see that newer versions of GnuTLS
> are now available, and so it is possible that this bug has been fixed in
> a subsequent version. I no longer have the Mac to perform further
> testing with, so I can't currently create a certificate with 1.6 or 1.7
> and test with that instead. :(

Hi!  We did fix a problem that may have lead to problems like that in
1.6.2:

 ** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields.
 Before, we remove the parameters field, which resulted in a slightly
 different DER encoding which in turn caused signature verification
 failures of GnuTLS-generated RSA certificates in some other
 implementations (e.g., GnuPG 2.x's gpgsm).  Depending on which RFCs you
 read, this may or may not be correct, but our new behaviour appear to
 be consistent with other widely used implementations.

Essentially, earlier 'certtool' generated incorrect signatures on
certificates, although some libraries (e.g., OpenSSL) didn't notice it.
Your error messages aren't detailed enough to tell whether this is the
same problem, but there is a possibility that it is.

So, please try 1.6.2, and if the problem persist, please debug it
further, comparing all details of the working and non-working
certificates.

Thanks,
Simon

More information about the Gnutls-help mailing list