mk at cognitivedissonance.ca
Fri Oct 12 13:47:08 CEST 2012
On Wed, 10 Oct 2012 20:16:34 +0200
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On 10/09/2012 11:18 PM, MK wrote:
> > I just started using gnuTLS, and one of the first things I needed
> > to do was incorporate a certificate with encrypted key generated by
> > openSSL. This seemed like a very simple task, here's a minimal
> > reproduction of the technique I used to decrypt the original key:
> Ouch. It seems there was a bug in the openssl key import. I've
> committed a fix and added a test case:
> Could you try whether this solves the issue you see?
I did, but no such luck. Since this certificate isn't used online
now, I can give you the offending key:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
This was generated by openssl.
Here's an interesting thing; there was a tiny discrepancy in the patch
which made it fail on tests/Makefile.am:
- mini-dtls-heartbeat mini-x509-callbacks
+ mini-dtls-heartbeat mini-x509-callbacks key-openssl
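Review bot: the removed line already lists `mini-x509-callbacks`, so this hunk only applies to a tree that has that test. Against the 3.1.2 tarball, where the line is just `mini-dtls-heartbeat`, appending only `key-openssl` to the existing line is enough; editing the context to add `mini-x509-callbacks` makes `make check` look for a `mini-x509-callbacks.c` that it then reports it cannot build.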
In my 3.1.2 tarball, that line is just "mini-dtls-heartbeat", so I
added the "mini-x509-callbacks". However, make check then failed with:
make: *** No rule to make target `mini-x509-callbacks.c', needed by
I don't have much experience with autotools, so I tried a couple other
guesses but could not get it to apply. Sorry.
> In general try to avoid the custom openssl format. The PKCS #8 format
> is standardized and can be handled by more tools.
Absolutely. It's actually not necessary for me to incorporate the
openssl import, so no problem (for me, at least...).
"Enthusiasm is not the enemy of the intellect." (said of Irving Howe)
"The angel of history[...]is turned toward the past." (Walter Benjamin)
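Telling apart the two key formats mentioned in this thread, as an added example that is not part of the original message or of GnuTLS: a Python sketch that classifies PEM private-key blocks as OpenSSL's traditional format (with `Proc-Type`/`DEK-Info` headers when encrypted) or PKCS #8. The function name and the sample blocks are constructed for illustration; the base64 bodies are placeholders, not real keys.

```python
import re

# PEM labels used by OpenSSL's traditional format and by PKCS #8.
TRADITIONAL = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}
PKCS8 = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed sample input: placeholder bodies, not real key material.
SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END ENCRYPTED PRIVATE KEY-----
"""


def classify_pem_keys(text):
    """Return one dict per private-key block: label, format, encrypted, cipher."""
    found = []
    for label, body in PEM_RE.findall(text):
        if label not in TRADITIONAL and label not in PKCS8:
            continue  # certificate or other non-key block
        # Traditional encrypted keys carry RFC 1421-style headers,
        # terminated by a blank line, ahead of the base64 body.
        headers = {}
        for line in body.splitlines():
            if not line.strip():
                break
            if ":" in line:
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
        if label in PKCS8:
            fmt, encrypted = "pkcs8", label == "ENCRYPTED PRIVATE KEY"
            cipher = None  # stored inside the DER structure, not in PEM headers
        else:
            fmt = "openssl-traditional"
            encrypted = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
        found.append({"label": label, "format": fmt,
                      "encrypted": encrypted, "cipher": cipher})
    return found


if __name__ == "__main__":
    for entry in classify_pem_keys(SAMPLE):
        print(entry)
```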