[gnutls-help] pkcs12 format not understood by GNUTLS 3.1.18

Lavrentiev, Anton (NIH/NLM/NCBI) [C] lavr at ncbi.nlm.nih.gov
Fri Jan 10 20:32:17 CET 2014


There is an issue reported to me that GNUTLS 3.1.18 fails to load
a certificate / public key from a PKCS#12 file in DER format
created by the following command:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

When the "certificate.pfx" file is then read with the following GNUTLS call,
an error -60 gets returned:

err = gnutls_certificate_set_x509_simple_pkcs12_file(cred, "certificate.pfx", GNUTLS_X509_FMT_DER, pass);

Yet that works perfectly with an older GNUTLS version (e.g. 2.4.2).

If CACert.crt is not included in the .pfx file, the code above begins
to work with the current GNUTLS release (3.1.18).

Is this the expected behavior?


Anton Lavrentiev
Contractor NIH/NLM/NCBI
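
To check what the two files described in this report actually contain, the following added example (not part of the original post) rebuilds both variants with throwaway keys and counts the certificates stored in each. The CA and leaf names, the password argument, and the with_ca.pfx / without_ca.pfx file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: rebuild the two PKCS#12 variants from the report using
# throwaway (constructed) keys and certificates, then count the
# certificates each file carries.
set -eu

# make_pfx_pair DIR PASS: writes DIR/with_ca.pfx and DIR/without_ca.pfx
# (both output names are hypothetical, chosen for this example).
make_pfx_pair() {
  d=$1
  pass=$2
  # Constructed self-signed CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Test CA" \
    -keyout "$d/CAKey.key" -out "$d/CACert.crt" 2>/dev/null
  # Constructed leaf key and a certificate signed by that CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
    -keyout "$d/privateKey.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$d/leaf.csr" \
    -CA "$d/CACert.crt" -CAkey "$d/CAKey.key" -CAcreateserial \
    -out "$d/certificate.crt" 2>/dev/null
  # Variant from the report: leaf key + leaf cert + CA cert via -certfile.
  openssl pkcs12 -export -out "$d/with_ca.pfx" -passout "pass:$pass" \
    -inkey "$d/privateKey.key" -in "$d/certificate.crt" \
    -certfile "$d/CACert.crt"
  # Variant reported to load: same key and cert, no -certfile.
  openssl pkcs12 -export -out "$d/without_ca.pfx" -passout "pass:$pass" \
    -inkey "$d/privateKey.key" -in "$d/certificate.crt"
}

# count_certs FILE PASS: print the number of certificates in the file.
count_certs() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE' || true
}

# Stand-alone use: sh pfx_compare.sh <password>
if [ $# -ge 1 ]; then
  tmp=$(mktemp -d)
  make_pfx_pair "$tmp" "$1"
  for f in with_ca without_ca; do
    echo "$f.pfx: $(count_certs "$tmp/$f.pfx" "$1") certificate(s)"
  done
  rm -rf "$tmp"
fi
```

GnuTLS's own view of either file can be printed with certtool --p12-info --inder --infile FILE.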
