EC keys interoperability issue between openSSL and GnuTLS ?
fabrice.gautier at gmail.com
Sat Nov 5 00:46:29 CET 2011
I generated some EC keys and cert using openssl, and when I try to use
them with gnutls_serv, it seems that gnutls_serv will just crash.
It also seems that I can properly read them using gnutls certtool.
This is how I generated ServerKey.ecc.pem with openSSL:
$ openssl ecparam -name secp256r1 -out ecparam.pem
$ openssl req -new -nodes -days 365 -subj '/CN=SecurityTests Server
Cert (ECC)' -newkey ec:ecparam.pem -keyout ServerKey.ecc.pem -out
Using certtool I get:
$ /usr/local/bin/certtool -k --infile test-certs/ServerKey.ecc.pem
Public Key Info:
Public Key Algorithm: ECC
Key Security Level: Unknown
Error in key ECC data export: The request is invalid.
Error in key id calculation: ASN1 parser: Generic parsing error.
/usr/local/bin/certtool: export error: ASN1 parser: Element was not found.
When using that key with gnutls_serv, it seems that it just crashes
without any warning message (when I try to connect using an EC cipher
Note that if I generated the keys using certtool then it seems to be fine.
More information about the Gnutls-help