main: TLS init def ctx failed: -1
Fredrik Unger
fred at ludd.ltu.se
Wed Dec 1 12:36:31 CET 2010
On 11/26/2010 02:21 PM, Nikos Mavrogiannopoulos wrote:
> This is a private openssl format. gnutls accepts keys if they are encrypted with
> PKCS #8 or if they are unencrypted.
I have 2 new issues.
LDAP runs with an unencrypted key now, and I wanted to secure the key.
2 problems.
First I converted the key :
openssl pkcs8 -inform pem -in key.pem -topk8 -out key-8.pem -outform pem -v1 PBE-SHA1-3DES
#1 Keyphrase length used for old key was 60 bytes, 50 bytes seems to
be a limit of pkcs8 ? (e.g. an openssl problem
(silent failure for 50+ phrase => 0 byte key))
Once converted (using shorter passphrase) I get :
gnutls-serv --debug 31 --x509cafile /etc/ssl/cacert.pem --x509certfile /etc/ldap/cert/cert.pem --x509keyfile key-8.pem
Error reading '/etc/ldap/cert/cert.pem' or 'key-8.pem'
Error: ASN1 parser: Error in TAG.
#2 Error in TAG of converted key. (cert works with unencrypted key)
What do I need to be able to reuse the key ?
(also tried without -v1 PBE-SHA1-3DES -> The cipher type is unsupported
with certtool)
I tried with certtool :
certtool --infile key-8.pem --key-info -d 11
Setting log level to 11
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN DSA PRIVATE KEY'
|<2>| ASSERT: privkey.c:373
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<2>| ASSERT: privkey_pkcs8.c:977
|<2>| ASSERT: privkey_pkcs8.c:1123
Enter password:
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN PRIVATE KEY'
|<9>| salt.size: 8
|<9>| iterationCount: 2048
|<2>| ASSERT: pkcs12_encr.c:88
|<2>| ASSERT: privkey_pkcs8.c:701
|<2>| ASSERT: privkey_pkcs8.c:799
|<2>| ASSERT: privkey_pkcs8.c:1123
certtool: import error: The request is invalid.
I am thankful for any hints.
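
Added example, not part of the original post and not GnuTLS or OpenSSL code: a pre-flight check that classifies a PEM key file by its armor label, catching the 0-byte output file and the traditional OpenSSL encrypted form that the quoted reply says gnutls does not accept. The function name classify_pem_key and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Classify a PEM private-key file before giving it to a GnuTLS-based server.
# Exit status 0 = a form the quoted reply says gnutls accepts
# (PKCS #8 encrypted, or unencrypted); non-zero otherwise.
classify_pem_key() {
    key_file=$1
    # The post reports a 0-byte output file after a silent conversion failure.
    if [ ! -s "$key_file" ]; then
        echo empty; return 1
    fi
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key_file"; then
        echo pkcs8-encrypted
    elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$key_file"; then
        echo pkcs8-unencrypted
    elif grep -E -q -e '-----BEGIN (RSA|DSA) PRIVATE KEY-----' "$key_file"; then
        # Traditional OpenSSL PEM marks passphrase protection with a
        # Proc-Type header inside the armor, not with a different label.
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$key_file"; then
            echo openssl-traditional-encrypted; return 2
        fi
        echo traditional-unencrypted
    else
        echo unknown; return 3
    fi
}

# Constructed sample: header lines only, no real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/legacy-enc.pem"
classify_pem_key "$demo_dir/legacy-enc.pem" \
    || echo "not a form gnutls accepts: convert to PKCS #8 or store unencrypted"
rm -rf "$demo_dir"
```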