[Help-gnutls] Re: gnutls_certificate_verify_peers2() / GNUTLS_CERT_INVALID

Rainer Gerhards rgerhards at gmail.com
Fri Jun 20 09:06:11 CEST 2008


I dug a bit deeper and the problem seems to manifest here:

5292.506957161:main queue:Reg/w0: GnuTLS handshake succeeded
5292.512077291:main queue:Reg/w0: nsd_gtls.c:1013: gtlsChkPeerAuth: enter
5292.514658306:main queue:Reg/w0: nsd_gtls.c:919: gtlsChkPeerCertValidity: enter
5292.629403970:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: mpi.c:587

5292.671502166:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT:
gnutls_pk.c:285

5292.672798260:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: verify.c:552

5292.673415581:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: verify.c:642

5292.675380113:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: verify.c:301

5292.741284540:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: dn.c:1212

5292.744965838:main queue:Reg/w0: GnuTLS log msg, level 2: ASSERT: verify.c:395

5292.751276475:main queue:Reg/w0: GnuTLS returned no specific reason
for GNUTLS_CERT_INVALID, certificate status is 2

I used the code I just pulled from the git archive. So the assert in
mpi.c is this one here:

int
_gnutls_x509_read_uint (ASN1_TYPE node, const char *value, unsigned int *ret)
{
  int len, result;
  opaque *tmpstr;

  len = 0;
  result = asn1_read_value (node, value, NULL, &len);
  if (result != ASN1_MEM_ERROR)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }

... but I have to admit that I have no clue what this actually means ;)

Help is appreciated.
Rainer


On Fri, Jun 20, 2008 at 8:16 AM, Rainer Gerhards <rgerhards at gmail.com> wrote:
> Hi,
>
> I receive *just* GUTLS_CERT_INVALID after calling
> gnutls_certificate_verify_peers2(), no specific error state. Do you
> have any idea what may cause this?
>
> Thanks,
> Rainer
>





More information about the Gnutls-help mailing list