[Help-gnutls] Key usage violation in certificate

Kevin P. Fleming kpfleming at digium.com
Tue Nov 4 18:26:13 CET 2008


Joe Orton wrote:

>> Could it be then that libneon selected a wrong certificate from the
>> pkcs12 file?
> 
> I'm missing some context here, but current neon releases can indeed do 
> that, this is a known neon bug, see:
> 
> http://lists.manyfish.co.uk/pipermail/neon/2008-October/000086.html
> 
>> Does it use gnutls_certificate_set_x509_simple_pkcs12_file()?
> 
> Just for the record - neon doesn't use that function, no.

OK, on the basis of this note (and yes, our client cert pkcs12 files
usually contain the CA cert as well), I regenerated the pkcs12 file for
my cert without the CA cert in it, and the problem has been worked
around. We don't really need the CA cert to be in the pkcs12 files, so
this will work for us. Thanks to everyone who helped solve this problem :-)

-- 
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)





More information about the Gnutls-help mailing list