Problem with DSA key signed CSRs
Timo Gerke
tgerke at web.de
Mon Jun 28 17:52:16 CEST 2010
Dear List,
I think I've discoverd an other bug.
Then I generate a CSR signed with an DSA key an verify the request
with openssl the verification fails.
I did:
a.1) certtool -p --dsa --disable-quick-random --outfile dsakey.pem
a.2) certtool --to-p8 --pkcs-cipher aes-256 --load-privkey dsakey.pem --outfile dsakey.p8
b) certtool -8q --load-privkey --load-privkey dsakey.pem --outfile newreq.pem
c) openssl req -verify -noout -in newreq.csr
Error message is:
2936:error:0A071066:dsa routines:DSA_do_verify:bad q value:dsa_ossl.c:309:
2936:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:168:
I used gnutls 2.10.0 and openssl 0.9.8g.
BTW the format autodectetion of certtool seems not to work properly.
regards,
Timo
More information about the Gnutls-help
mailing list