[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnutls-dev] libgnutls failes to parse OpenSSL generated certificates
From: |
Max Kellermann |
Subject: |
[gnutls-dev] libgnutls failes to parse OpenSSL generated certificates |
Date: |
Wed, 20 Dec 2006 13:53:09 +0100 |
User-agent: |
Mutt/1.5.13 (2006-08-11) |
Package: libgnutls13
Version: 1.4.4-3
libgnutls refuses to parse the subject of certificates created by
OpenSSL which have a userid attribute in their subject, i.e. oid
0.9.2342.19200300.100.1.1. Output of "certtool -i":
|<1>| Found OID: '0.9.2342.19200300.100.1.1' with value
'13066d6c61626962'
get_dn: ASN1 parser: Error in TAG.
gnutls generates certificates with an "ia5String" uid, while OpenSSL
generates a "printableString". The latter violates gnutls'
lib/pkix.asn which states:
-- LDAP stuff
-- may not be correct
[...]
ldap-UID ::= IA5String
Which is indeed not correct. ldap-UID should be a DirectoryString.
- [gnutls-dev] libgnutls failes to parse OpenSSL generated certificates,
Max Kellermann <=