main: TLS init def ctx failed: -1

Fredrik Unger fred at ludd.ltu.se
Wed Dec 1 12:36:31 CET 2010


On 11/26/2010 02:21 PM, Nikos Mavrogiannopoulos wrote:
> This is a private openssl format. gnutls accepts keys if they are encrypted with
> PKCS #8 or if they are unencrypted.

I have 2 new issues.

LDAP runs with an unencrypted key now, and I wanted to secure the key.
2 problems.

First I converted the key:
openssl pkcs8 -inform pem -in key.pem -topk8 -out key-8.pem -outform pem -v1 PBE-SHA1-3DES

#1 Keyphrase length used for old key was 60 bytes, 50 bytes seems to
    be a limit of pkcs8? (e.g. an openssl problem
    (silent failure for 50+ phrase => 0 byte key))

Once converted (using shorter passphrase) I get:

gnutls-serv --debug 31 --x509cafile /etc/ssl/cacert.pem --x509certfile /etc/ldap/cert/cert.pem --x509keyfile key-8.pem

Error reading '/etc/ldap/cert/cert.pem' or 'key-8.pem'
Error: ASN1 parser: Error in TAG.

#2 Error in TAG of converted key. (cert works with unencrypted key)

What do I need to be able to reuse the key?
(also tried without -v1 PBE-SHA1-3DES -> "The cipher type is unsupported" with certtool)

I tried with certtool:

certtool --infile key-8.pem  --key-info -d 11
Setting log level to 11
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN DSA PRIVATE KEY'
|<2>| ASSERT: privkey.c:373
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<2>| ASSERT: privkey_pkcs8.c:977
|<2>| ASSERT: privkey_pkcs8.c:1123
Enter password:
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<9>| salt.size: 8
|<9>| iterationCount: 2048
|<2>| ASSERT: pkcs12_encr.c:88
|<2>| ASSERT: privkey_pkcs8.c:701
|<2>| ASSERT: privkey_pkcs8.c:799
|<2>| ASSERT: privkey_pkcs8.c:1123
certtool: import error: The request is invalid.

I am thankful for any hints.
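The certtool trace above shows GnuTLS probing the PEM BEGIN labels one by one and then, inside the PKCS#8 path, reading the salt and iteration count of the PBE. As an added example (not code from this thread or from GnuTLS/OpenSSL), the script below does the same inspection offline: it classifies a PEM key by its label, flags the legacy OpenSSL encrypted PEM that Nikos calls the "private openssl format", and for an ENCRYPTED PRIVATE KEY block decodes the PBE OID plus salt size and iteration count from the EncryptedPrivateKeyInfo header. The two sample PEM blocks are constructed inline with dummy ciphertext; the OID names and the pkcs-12PbeParams layout come from PKCS#5/#12, not from the thread.

```python
import base64, re

PBE_OIDS = {"1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC (openssl -v1 PBE-SHA1-3DES)",
            "1.2.840.113549.1.5.13": "PBES2 (openssl -v2 <cipher>)"}  # OIDs from PKCS#12 / PKCS#5
def der_tlv(data, pos=0):
    """Parse one DER TLV at pos -> (tag, contents, next_pos); long-form lengths handled."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F; length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length
def decode_oid(raw):
    """Decode OBJECT IDENTIFIER contents to dotted form."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80: arcs.append(val); val = 0
    return ".".join(map(str, arcs))
def inspect_pem(pem):
    """Classify by BEGIN label (what certtool probes for); decode the PBE of a PKCS#8 EncryptedPrivateKeyInfo."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m: return {"format": "no-pem-block"}
    label, body = m.group(1), m.group(2)
    if label.endswith("PRIVATE KEY") and "Proc-Type: 4,ENCRYPTED" in body:
        return {"format": "openssl-legacy-encrypted", "label": label}  # the "private openssl format"
    if label != "ENCRYPTED PRIVATE KEY":
        return {"format": "unencrypted", "label": label}
    der = base64.b64decode("".join(body.split()))
    _, epki, _ = der_tlv(der)             # EncryptedPrivateKeyInfo ::= SEQUENCE
    _, algid, _ = der_tlv(epki)           #   encryptionAlgorithm AlgorithmIdentifier
    _, oid_raw, p = der_tlv(algid)        #     algorithm OBJECT IDENTIFIER
    oid = decode_oid(oid_raw)
    info = {"format": "pkcs8-encrypted", "label": label, "pbe_oid": oid, "pbe": PBE_OIDS.get(oid, "unknown")}
    if oid == "1.2.840.113549.1.12.1.3":  # pkcs-12PbeParams ::= SEQUENCE { salt OCTET STRING, iterations INTEGER }
        _, params, _ = der_tlv(algid, p)
        _, salt, q = der_tlv(params)
        _, iters, _ = der_tlv(params, q)
        info.update(salt_size=len(salt), iterations=int.from_bytes(iters, "big"))
    return info

# Constructed samples (not real keys). First: PKCS#8 header as openssl -v1 PBE-SHA1-3DES writes it, dummy ciphertext.
_tlv = lambda tag, c: bytes([tag, len(c)]) + c   # short-form DER encoder, enough for the sample
_params = _tlv(0x30, _tlv(0x04, bytes(range(8))) + _tlv(0x02, (2048).to_bytes(2, "big")))
_algid = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d010c0103")) + _params)
SAMPLE_PKCS8_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.b64encode(
    _tlv(0x30, _algid + _tlv(0x04, b"\xde\xad\xbe\xef"))).decode() + "\n-----END ENCRYPTED PRIVATE KEY-----\n")
# Second: the legacy OpenSSL encrypted PEM (DEK-Info header), which GnuTLS does not take; body is dummy.
SAMPLE_LEGACY_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
```

Running `inspect_pem` on a real key-8.pem tells you which PBE openssl actually wrote before you hand the file to certtool or gnutls-serv.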
