[Help-gnutls] Re: Error making certificate

Simon Josefsson simon at josefsson.org
Mon Mar 12 16:52:14 CET 2007

devel <dev001 at pas-world.com> writes:

> certtool (GnuTLS) 1.6.1
> linux x64
>> certtool -q --outfile new-user.csr
> Certificate request data input in a shell, certtool ask for it.

Thanks!  I can reproduce it.  It seems pkix_asn1_tab.c wasn't
re-generated after fixing the following problem in 1.6.1:

 ** Encode UID fields in DN's as DirectoryString.  Before GnuTLS
 encoded and parsed UID fields as IA5String.  This was incorrect, it
 should have used DirectoryString.  Now it will use DirectoryString
 for the UID field, but for backwards compatibility it will also
 accept IA5String UID's.  Reported by Max Kellermann
 <max at duempel.org>.

I have fixed this in CVS for the 1.6.x branch:

 ** Regenerate the PKIX ASN.1 syntax tree.  For some reason, after
 changing the ASN.1 type of ldap-UID in the last release, the
 generated C file built from the ASN.1 schema was not refreshed.  This
 can cause problems when reading/writing UID components inside X.500
 Distinguished Names.  Reported by devel <dev001 at pas-world.com>.

Please test tomorrow's daily build and tell me if it solves the
problem for you, and I can release 1.6.2.

Btw, if anyone wants something in 1.6.2, now would be the time to ask
for it.


> El lun, 12-03-2007 a las 13:40 +0100, Simon Josefsson escribió:
>> devel <dev001 at pas-world.com> writes:
>> > Hello, I am trying to use certtool to make certificate, like another
>> > times.
>> > But this time, with another version of gnutls and other arch, my script
>> > do not work. Here is de problem:
>> >
>> >
>> >> certtool -p > new-user.key
>> >
>> > Work
>> >> certtool -q --outfile new-user.csr --load-privkey new-user.key --password $PASS
>> >
>> > fail, response of system after input parameters:
>> >
>> >> set_dn: ASN1 parser: Element was not found.
>> >
>> > Any suggestion?
>> Can you send me the CSR that trigger the problem?  Which version of
>> GnuTLS are you using, and which version of GnuTLS worked before for
>> you?
>> It sounds as if the CSR doesn't contain some field which certtool need
>> to have.
>> /Simon
> -- 
> --
> Devel in Precio http://www.pas-world.com

More information about the Gnutls-help mailing list