Generating EC keys with certtool

Fabrice Gautier fabrice.gautier at gmail.com
Thu Nov 10 22:11:02 CET 2011


Hum, so actually I upgraded to 3.0.7 on the Good system, and now it's bad...

Bug introduced between 3.0.5 and 3.0.7?

-- Fabrice

On Thu, Nov 10, 2011 at 12:59 PM, Fabrice Gautier
<fabrice.gautier at gmail.com> wrote:
> On Thu, Nov 10, 2011 at 12:08 PM, Nikos Mavrogiannopoulos
> <n.mavrogiannopoulos at gmail.com> wrote:
>> On 11/10/2011 08:58 PM, Nikos Mavrogiannopoulos wrote:
>>
>>>>> What do you mean verify a CSR? Verify the self signature? That is being
>>>>> done automatically when it is signed.
>>>> Ah yes, I see that. Openssl has a command to verify without signing.
>>>> The reason I'm not using certtool to generate the request is that I
>>>> already had a script to generate certs using openssl. The only reason
>>>> I used certtool for the key was that gnutls does not read openssl ec
>>>> keys (That's the issue I reported a few days ago).
>>>> After investigating, it appears that the problem lies in gnutls
>>>> generating a bad EC key on the BAD system. Both gnutls and openssl (on
>>>> both GOOD and BAD systems) will happily generate a CSR using that bad
>>>> key, but both will fail the verification when trying to sign the CSR.
>>> Can you send me that (bad) key? What kind of system is the BAD system?
>>
>> I just noticed it was attached. It is indeed incorrect. Did you run
>> "make check" on the gnutls source on that system? Could you provide
>> information about the CPU (32-bit/64-bit, endianness etc.).
>>
>
> The bad systems are a MacBook Pro (Intel Core i7 / MacBookPro6,2) and a
> Mac Pro (Quad-Core Intel Xeon / MacPro4,1), both running Snow Leopard
> (10.6.8)
> Those are using gnutls 3.0.7
> Those register as x86_64-apple-darwin10.8.0
>
> The good system is an iMac (Intel Core i7 / iMac12,2) running Lion (10.7.2)
> This is with gnutls 3.0.5
> This one registers as x86_64-apple-darwin11.2.0
>
>
> I had to disable assembly and hardware acceleration for nettle and
> gnutls because assembly would not compile.
>
>
> make check failed in all cases with "../gl/getopt.h:197: error:
> redefinition of 'struct option'"
>
> -- Fabrice
>



