Bug#426013: exim4-daemon-heavy Base64 decoding error

Mark Adams mark at campbell-lange.net
Mon Feb 25 18:12:32 UTC 2008


Hi Simon,

Apologies for the very late reply.

certtool works fine on the .crt file, but not on the .key - I get the
Base64 decoding error.

certtool: Import error: Base64 decoding error.

The file appears to be in the correct format.

Regards,
Mark


On Fri, Jan 04, 2008 at 12:22:51PM +0100, Simon Josefsson wrote:
> Hi Mark!  I'm trying to help debug this problem.  Could you please post
> the output from running:
> 
> certtool -i < /etc/exim4/certificates/newserver_co_uk.crt
> 
> Could you also check that
> 
> certtool -k < /etc/exim4/certificates/newserver_co_uk.pem
> 
> works?  Don't post the output, as that would compromise your private
> key.
> 
> Do the files contain anything except one certificate and one private key
> respectively?
> 
> The next step would be to install libgnutls-dbg and set a breakpoint on
> gnutls_certificate_set_x509_key_file to see where it fails.
> 
> I'm trying to confirm that the problem only happens inside exim, and not
> inside gnutls.  That seems strange, but the discussions in the bug
> report earlier suggest this.
> 
> Fwiw, I believe this problem has nothing to do with a wildcard cert, the
> code that fails reads:
> 
>   DEBUG(D_tls) debug_printf("certificate file = %s\nkey file = %s\n",
>     cert_expanded, key_expanded);
>   rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
>     CS key_expanded, GNUTLS_X509_FMT_PEM);
>   if (rc < 0)
>     {
>     uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
>       cert_expanded, key_expanded);
>     return tls_error(msg, host, rc);
>     }
> 
> That function does not care whether the certificate is a wildcard one.
> 
> /Simon
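
The checks discussed in this thread (does the key file hold anything besides one PEM block, and where does the Base64 stop being valid) can be run without printing key material. The following is an added example, not code from this thread, Exim or GnuTLS: `check_pem` and the constructed sample are hypothetical names, and the checker is an independent structural test, not a reproduction of GnuTLS's own parser.

```python
import base64
import re

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
B64_LINE = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")
HEADER = re.compile(r"^[A-Za-z0-9-]+: ")  # e.g. Proc-Type/DEK-Info on encrypted keys

# Constructed sample: 48 counting bytes with one character damaged, not a real key.
FAKE_BODY = base64.b64encode(bytes(range(48))).decode()
SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\n" + FAKE_BODY.replace("A", "*", 1)
          + "\n-----END RSA PRIVATE KEY-----\n")


def check_pem(text):
    """Return (block labels, findings); findings carry line numbers, never key bytes."""
    findings, labels, body, label = [], [], [], None
    if text.startswith("\ufeff"):
        findings.append("line 1: byte-order mark before first line")
        text = text[1:]
    for no, raw in enumerate(text.split("\n"), 1):
        line = raw.rstrip()
        if line != raw:
            findings.append(f"line {no}: trailing whitespace or CR")
        begin, end = BEGIN.match(line), END.match(line)
        if label is None:                      # outside any block
            if begin:
                label, body = begin.group(1), []
                labels.append(label)
            elif line:
                findings.append(f"line {no}: text outside any PEM block")
        elif end:                              # closing a block: decode what we kept
            if end.group(1) != label:
                findings.append(f"line {no}: END label does not match BEGIN {label}")
            try:
                base64.b64decode("".join(body), validate=True)
            except ValueError:
                findings.append(f"line {no}: {label} body has bad Base64 length/padding")
            label = None
        elif not body and (not line or HEADER.match(line)):
            if line:                           # header lines precede the Base64 body
                findings.append(f"line {no}: encapsulated header in {label}")
        elif not B64_LINE.match(line):
            findings.append(f"line {no}: non-Base64 character in {label} body")
        else:
            body.append(line)
    if label is not None:
        findings.append(f"no END line for {label}")
    return labels, findings
```

Run it on the key file's text with `check_pem(open(path, encoding="utf-8", errors="replace").read())`; the returned findings are safe to paste into a bug report because they contain positions and labels only.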
