[gnutls-help] GNUTLS_E_PARSING_ERROR when reading PEM, yet is a PKCS11 error?
Max Bruce
max.bruce12 at gmail.com
Wed Aug 12 09:39:40 CEST 2015
I figured it out, I thought the certificate was supposed to be in a PEM
format, however I found a set of specs somewhere that elaborated a bit and
said it's PKCS#7, and converted it to PKCS#7. Interestingly enough, that
didn't work, and I tried PEM format again, and it worked. I'll chalk it up
to some bizarre issue.
Anyway, would the GNUTLS project be interested in a Java port? I made a
limited one for my NIO system in my web server. I'd be willing to port the
full library over if there is interest. (My motives were that there's no
good NIO & TLS & SNI system combined for Java).
On Wed, Aug 12, 2015 at 12:32 AM, Nikos Mavrogiannopoulos <nmav at gnutls.org>
wrote:
> On Wed, Aug 12, 2015 at 7:35 AM, Max Bruce <max.bruce12 at gmail.com> wrote:
> > Calling code:
> > int e1 = gnutls_certificate_set_x509_key_file(oc->cert, certj, keyj,
> > GNUTLS_X509_FMT_PEM);
> > All looks good from my side, and both certj/keyj are absolute paths to a
> > certificate & private key in PEM format. It returns -302, which
> translates
> > to GNUTLS_E_PARSING_ERROR, of which is under the category of errors
> "PKCS11
> > related"
> > I'll attach a copy of the public key to this, and I can send the private
> key
> > to anyone that asks to see it(it's PEM directly from StartCom).
>
> Hello,
> Don't send your private key to anybody unless it is a test key. Just
> copy/paste the header (the BEGIN --- part), and whether certtool -k
> succeeds in parsing it.
>
> regards,
> Nikos
>
--
Thanks,
Max Bruce
www.avuna.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150812/03a62930/attachment.html>
More information about the Gnutls-help
mailing list