[Help-gnutls] Re: CRQ signing error

Simon Josefsson simon at josefsson.org
Tue Apr 15 06:30:20 CEST 2008


"John Brooks" <aspecialj at gmail.com> writes:

> After lots of tinkering, i've solved the problem. It seems to fail if
> gnutls_x509_crq_set_version isn't called - although the error is rather
> cryptic.

Right.  I've improved the documentation for the function:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=4622926ab3685c76e83a22e6ac1f887ebabc985f

Possibly the code could have done this for you, the version field is
always 0 in practice anyway...  yes, I installed this:

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=fe8027decd0a46952c81bb9b5e1a16ad3e8da616

Thanks,
Simon

> Thanks anyway :P
>
> On Mon, Apr 14, 2008 at 7:08 PM, John Brooks <aspecialj at gmail.com> wrote:
>
>> I'm attempting to generate a certificate request with just a common name,
>> and it seems that gnutls_x509_crq_sign2 is giving me
>> GNUTLS_E_ASN1_VALUE_NOT_FOUND; i'm not sure what to do about that. As far as
>> I can see, my code is consistent with the docs and examples. Any pointers on
>> where this is incorrect?
>>
>>         if ((re = gnutls_x509_crq_init(&req)) != 0)
>>         {
>>             gnutls_x509_privkey_deinit(key);
>>             return re;
>>         }
>>
>>         if ((re = gnutls_x509_crq_set_dn_by_oid(req,
>> GNUTLS_OID_X520_COMMON_NAME, 0, dn, strlen(dn))) != 0)
>>         {
>>             gnutls_x509_crq_deinit(req);
>>             gnutls_x509_privkey_deinit(key);
>>             return re;
>>         }
>>
>>         if ((re = gnutls_x509_crq_set_key(req, key)) != 0)
>>         {
>>             gnutls_x509_crq_deinit(req);
>>             gnutls_x509_privkey_deinit(key);
>>             return re;
>>         }
>>
>> // This is where the error occurs
>>         if ((re = gnutls_x509_crq_sign2(req, key, GNUTLS_DIG_SHA1, 0)) !=
>> 0)
>>         {
>>             gnutls_x509_crq_deinit(req);
>>             gnutls_x509_privkey_deinit(key);
>>             return re;
>>         }
>>
>>         if ((re = gnutls_x509_crq_export(req, GNUTLS_X509_FMT_PEM, buf,
>> bufsz)) != 0)
>>         {
>>             gnutls_x509_crq_deinit(req);
>>             gnutls_x509_privkey_deinit(key);
>>             return re;
>>         }
>>
>> Thanks ;)
>> --
>> - John
>
>
>
>
> -- 
> - John
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> http://lists.gnu.org/mailman/listinfo/help-gnutls





More information about the Gnutls-help mailing list