[gnutls-help] generating self signed cert - no way to set spki
ueno at gnu.org
Thu Aug 27 13:26:13 CEST 2020
Curtis Villamizar <curtis at ipv6.occnc.com> writes:
> That is OK if using RSA. Doesn't help with EC CA certs.
Yes, because the gnutls_x509_spki_t structure was introduced to cover
the use-case of RSA-PSS. The question is why you determine that it's
the cause of the failure you are facing; if you are dealing with EC
certs, that structure shouldn't be used at all. That's why I'm asking
for a reproducer.
Aren't you able to achieve the same task with certtool either?
> In message <87y2m1cyck.fsf-ueno at gnu.org>
> Daiki Ueno writes:
>> Hello Curtis,
>> Curtis Villamizar <curtis at ipv6.occnc.com> writes:
>> There are quite a lot here and I can't tell what is the root cause until
>> I see the code. Would it be possible to provide a standalone
>> > So there are two issues here:
>> > 1. No way to fill in a spki struct. I may be missing something.
>> This one is easy to answer: you can use gnutls_x509_spki_init,
>> gnutls_x509_spki_set_rsa_pss_params, and gnutls_x509_spki_deinit.
>> Daiki Ueno
More information about the Gnutls-help