[Help-gnutls] Re: CRQ signing error

Tue Apr 15 04:22:36 CEST 2008

After lots of tinkering, i've solved the problem. It seems to fail if
gnutls_x509_crq_set_version isn't called - although the error is rather
cryptic.

Thanks anyway :P

On Mon, Apr 14, 2008 at 7:08 PM, John Brooks <aspecialj at gmail.com> wrote:

> I'm attempting to generate a certificate request with just a common name,
> and it seems that gnutls_x509_crq_sign2 is giving me
> GNUTLS_E_ASN1_VALUE_NOT_FOUND; i'm not sure what to do about that. As far as
> I can see, my code is consistent with the docs and examples. Any pointers on
> where this is incorrect?
>
>         if ((re = gnutls_x509_crq_init(&req)) != 0)
>         {
>             gnutls_x509_privkey_deinit(key);
>             return re;
>         }
>
>         if ((re = gnutls_x509_crq_set_dn_by_oid(req,
> GNUTLS_OID_X520_COMMON_NAME, 0, dn, strlen(dn))) != 0)
>         {
>             gnutls_x509_crq_deinit(req);
>             gnutls_x509_privkey_deinit(key);
>             return re;
>         }
>
>         if ((re = gnutls_x509_crq_set_key(req, key)) != 0)
>         {
>             gnutls_x509_crq_deinit(req);
>             gnutls_x509_privkey_deinit(key);
>             return re;
>         }
>
> // This is where the error occurs
>         if ((re = gnutls_x509_crq_sign2(req, key, GNUTLS_DIG_SHA1, 0)) !=
> 0)
>         {
>             gnutls_x509_crq_deinit(req);
>             gnutls_x509_privkey_deinit(key);
>             return re;
>         }
>
>         if ((re = gnutls_x509_crq_export(req, GNUTLS_X509_FMT_PEM, buf,
> bufsz)) != 0)
>         {
>             gnutls_x509_crq_deinit(req);
>             gnutls_x509_privkey_deinit(key);
>             return re;
>         }
>
> Thanks ;)
> --
> - John

-- 
- John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20080414/77b53610/attachment.htm>