gnutls-devel

Re: [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certt


From: Michael Rommel
Subject: Re: [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs
Date: Sun, 5 Dec 2010 15:42:20 +0100

Sorry, I meant SHALL not SHOULD.

On 5. Dec 2010, at 15:29 , Michael Rommel wrote:

> Hi Nikos,
> 
> doing the same patch you suggested in a second location:
> 
> Line 1181 in lib/x509/common.c
> 
>      /* result = asn1_write_value (dst, name, NULL, 0); */
>      result = asn1_write_value (dst, name, "\x05\x00", 2);
> 
> did do the trick. Now the certificate is accepted and displayed for 
> acceptance. I'll update the info as soon as savannah is reachable again, the 
> last hour or so, no connection was possible.
> 
> Can you please give me a little bit more information, where I can find out 
> more about the correct parameters?
> 
> RFC3279 states:
> The ASN.1 object identifier used to identify this signature algorithm
>   is:
> 
>      sha-1WithRSAEncryption OBJECT IDENTIFIER  ::=  {
>          iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
>          pkcs-1(1) 5  }
> 
>   When any of these three OIDs appears within the ASN.1 type
>   AlgorithmIdentifier, the parameters component of that type SHALL be
>   the ASN.1 type NULL.
> 
>   The RSA signature generation process and the encoding of the result
>   is described in detail in PKCS #1 [RFC 2313].
> 
> So it is a SHOULD. But can you leave it out or what can you do, when you 
> don't want to follow the SHOULD route?
> 
> I'd try to take the info to the openssl team and Apple because it would be 
> their part now... But if the behaviour is not defined how to handle the 
> non-SHOULD way it would make it difficult.
> 
> What's your opinion on that?
> 
> Thanks a lot!
> 
>  Michael.
> 
> 
> On 5. Dec 2010, at 11:20 , Nikos Mavrogiannopoulos wrote:
> 
>> 
>> Follow-up Comment #7, sr #107540 (project gnutls):
>> 
>> Could you try the attached patch, to see whether it generates certificates that are
>> accepted by the devices?
>> 
>> (file #22126)
>>   _______________________________________________________
>> 
>> Additional Item Attachment:
>> 
>> File name: patch.txt                      Size:0 KB
>> 
>> 
>>   _______________________________________________________
>> 
>> Reply to this item at:
>> 
>> <http://savannah.gnu.org/support/?107540>
>> 
>> _______________________________________________
>> Message sent via/by Savannah
>> http://savannah.gnu.org/
>> 
> 
> -- 
> Michael Rommel, Erlangen, Germany
> 
> 

-- 
Michael Rommel, Erlangen, Germany
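
The check discussed in this thread, as an added example (not code from GnuTLS or from either poster): a small C classifier that reports whether a DER AlgorithmIdentifier for one of the three RFC 3279 RSA signature OIDs carries NULL parameters (`05 00`, the bytes written by the patched line) or has no parameters field at all. The function names, the enum and the two sample byte strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
enum algid_status { ALGID_MALFORMED = -1, ALGID_PARAMS_ABSENT,
                    ALGID_PARAMS_NULL, ALGID_PARAMS_OTHER, ALGID_NOT_RSA_SIG };

/* Constructed samples: sha-1WithRSAEncryption with NULL parameters, and without. */
const unsigned char ALGID_WITH_NULL[] = { 0x30,0x0D, 0x06,0x09,
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, 0x05,0x00 };
const unsigned char ALGID_NO_PARAMS[] = { 0x30,0x0B, 0x06,0x09,
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05 };

/* Read a DER header of the expected tag (value lengths up to 255 only). */
static int der_header(const unsigned char *p, size_t len, unsigned char tag,
                      size_t *hdr, size_t *vlen)
{
    if (len < 2 || p[0] != tag) return -1;
    if (p[1] < 0x80) { *hdr = 2; *vlen = p[1]; }
    else if (p[1] == 0x81 && len >= 3) { *hdr = 3; *vlen = p[2]; }
    else return -1;
    return (*vlen <= len - *hdr) ? 0 : -1;   /* value must fit the buffer */
}

/* Classify the parameters of an AlgorithmIdentifier that carries one of the
   three RFC 3279 RSA signature OIDs (pkcs-1 arcs 2, 4 and 5). */
enum algid_status check_rsa_sig_algid(const unsigned char *der, size_t len)
{
    static const unsigned char pkcs1[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01};
    size_t hdr, seqlen, oidlen, rest;
    const unsigned char *p;
    if (der_header(der, len, 0x30, &hdr, &seqlen)) return ALGID_MALFORMED;
    p = der + hdr;
    if (der_header(p, seqlen, 0x06, &hdr, &oidlen)) return ALGID_MALFORMED;
    rest = seqlen - hdr - oidlen;        /* bytes that follow the OID */
    p += hdr;                            /* p now points at the OID value */
    if (oidlen != sizeof pkcs1 + 1 || memcmp(p, pkcs1, sizeof pkcs1) != 0 ||
        (p[8] != 2 && p[8] != 4 && p[8] != 5))
        return ALGID_NOT_RSA_SIG;
    p += oidlen;
    if (rest == 0) return ALGID_PARAMS_ABSENT;
    if (rest == 2 && p[0] == 0x05 && p[1] == 0x00) return ALGID_PARAMS_NULL;
    return ALGID_PARAMS_OTHER;
}

int main(void)
{
    printf("%d %d\n", check_rsa_sig_algid(ALGID_WITH_NULL, sizeof ALGID_WITH_NULL),
           check_rsa_sig_algid(ALGID_NO_PARAMS, sizeof ALGID_NO_PARAMS));
    return 0;
}
```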
