EC keys interoperability issue between OpenSSL and GnuTLS?

Fabrice Gautier fabrice.gautier at gmail.com
Sat Nov 5 00:46:29 CET 2011


Hi,

I generated some EC keys and cert using openssl, and when I try to use
them with gnutls_serv, it seems that gnutls_serv will just crash.

It also seems that I can properly read them using gnutls certtool.

This is how I generated ServerKey.ecc.pem with OpenSSL:
$ openssl ecparam -name secp256r1 -out ecparam.pem
$ openssl req -new -nodes -days 365 -subj '/CN=SecurityTests Server Cert (ECC)' -newkey ec:ecparam.pem -keyout ServerKey.ecc.pem -out ServerReq.ecc.pem

Using certtool I get:

$ /usr/local/bin/certtool -k --infile test-certs/ServerKey.ecc.pem
Public Key Info:
	Public Key Algorithm: ECC
	Key Security Level: Unknown

Error in key ECC data export: The request is invalid.

Error in key id calculation: ASN1 parser: Generic parsing error.

/usr/local/bin/certtool: export error: ASN1 parser: Element was not found.


When using that key with gnutls_serv, it seems that it just crashes
without any warning message (when I try to connect using an EC cipher
suite).


Note that if I generated the keys using certtool then it seems to be fine.

-- Fabrice
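
Added example, not part of the original message and not code from OpenSSL or GnuTLS: a small Python inspector that reports how an EC private key PEM is laid out (SEC1 or PKCS#8 container, named or explicit curve parameters, embedded public key), so the OpenSSL-generated key and a certtool-generated key can be compared at the ASN.1 level. It does not establish the cause of the errors above; it assumes an unencrypted PEM, the function names are hypothetical, and the sample keys are constructed from dummy bytes.

```python
import base64, re
OID_EC_PUBKEY = bytes.fromhex("2a8648ce3d0201")   # 1.2.840.10045.2.1, id-ecPublicKey
OID_P256 = bytes.fromhex("2a8648ce3d030107")      # 1.2.840.10045.3.1.7, prime256v1 / secp256r1

def tlvs(buf):  # split one DER level into (tag, value) pairs; single-byte tags only
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits = number of length bytes that follow
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def curve_params(tag, val):  # ECParameters CHOICE: OID = named curve, SEQUENCE = explicit
    named = "named:prime256v1" if val == OID_P256 else "named:" + val.hex()
    return named if tag == 0x06 else "explicit" if tag == 0x30 else "other"

def inspect_ec_key(pem):
    m = re.search(r"-----BEGIN ((?:EC )?PRIVATE KEY)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no unencrypted PKCS#8 or SEC1 private key block found")
    fields = tlvs(tlvs(base64.b64decode(m.group(2)))[0][1])   # contents of the outer SEQUENCE
    pkcs8 = m.group(1) == "PRIVATE KEY"
    if pkcs8:  # PrivateKeyInfo: version, AlgorithmIdentifier, OCTET STRING(ECPrivateKey)
        alg = tlvs(fields[1][1])
        if alg[0][1] != OID_EC_PUBKEY:
            raise ValueError("PKCS#8 key is not an EC key")
        params = curve_params(*alg[1])
        fields = tlvs(tlvs(fields[2][1])[0][1])   # unwrap the inner ECPrivateKey
    else:      # SEC1 ECPrivateKey: version, key, [0] parameters OPTIONAL, [1] publicKey OPTIONAL
        ctx0 = [v for t, v in fields if t == 0xA0]
        params = curve_params(*tlvs(ctx0[0])[0]) if ctx0 else "absent"
    return {"container": "PKCS#8" if pkcs8 else "SEC1", "params": params,
            "public_key_included": any(t == 0xA1 for t, _ in fields)}

def der(tag, body):  # encoder for the constructed samples only (lengths < 256)
    head = [tag, len(body)] if len(body) < 128 else [tag, 0x81, len(body)]
    return bytes(head) + body

def constructed_samples():  # dummy bytes, not usable keys; same fields in both containers
    priv = der(0x02, b"\x01") + der(0x04, b"\x11" * 32)
    pub = der(0xA1, der(0x03, b"\x00\x04" + b"\x22" * 64))
    sec1 = der(0x30, priv + der(0xA0, der(0x06, OID_P256)) + pub)
    alg = der(0x30, der(0x06, OID_EC_PUBKEY) + der(0x06, OID_P256))
    pkcs8 = der(0x30, der(0x02, b"\x00") + alg + der(0x04, der(0x30, priv + pub)))
    pem = "-----BEGIN {0}-----\n{1}-----END {0}-----\n"
    return (pem.format("EC PRIVATE KEY", base64.encodebytes(sec1).decode()),
            pem.format("PRIVATE KEY", base64.encodebytes(pkcs8).decode()))
```

Calling inspect_ec_key() on the text of each key file and comparing the two results shows which fields differ between the two generators.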



