Bug#403072: [Pkg-gnutls-maint] Re: Bug#403072: exim4-daemon-light fails to use equifax SSL cert/key obtained from "1&1" hosting

Felix Palmen fmp at palmen.homeip.net
Fri Dec 15 01:50:22 CET 2006


Hello James,

* James Westby <jw+debian at jameswestby.net> [20061214 18:44]:
> Assuming that that tells us nothing could I provide you with an
> instrumented GnuTLS library that will reveal the real problem? Looking
> at the code there are many points that will throw this error, so first
> it would be good to know which one it is tripping up on. Then it would
> be good to know what the actual problem is it is having with the files,
> which might point to where the bug lies.

Well, as my first idea about how to solve this problem was to build
exim4 optionally with OpenSSL, I didn't bother to track it down in
GnuTLS.

For now, I can tell you roughly where it happens:

#0  0xb7d83947 in raise () from /lib/tls/libc.so.6
#1  0xb7d850c9 in abort () from /lib/tls/libc.so.6
#2  0xb7f5aaaf in _gnutls_fbase64_decode (header=0xb7f9f2f5 "RSA PRIVATE KEY", 
    data=0x8071e30 "-----BEGIN PRIVATE KEY-----\nXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"..., 
    data_size=3215787612, result=0xbfad0718) at x509_b64.c:521
#3  0xb7f8b593 in gnutls_x509_privkey_import (key=0x8071cf0, data=0xbfad0784, 
    format=GNUTLS_X509_FMT_PEM) at privkey.c:381
#4  0xb7f6ec81 in _gnutls_x509_raw_privkey_to_gkey (privkey=0x8071cc8, 
    raw_key=0xbfad0784, type=GNUTLS_X509_FMT_PEM) at gnutls_x509.c:686
#5  0xb7f6edca in read_key_mem (res=0x8071c68, key=0x8071e30, key_size=912, 
    type=GNUTLS_X509_FMT_PEM) at gnutls_x509.c:732
#6  0xb7f6ef3c in gnutls_certificate_set_x509_key_file (res=0x8071c68, 
    CERTFILE=0xbfad3879 "exim.crt", KEYFILE=0xbfad3861 "exim.key", 
    type=GNUTLS_X509_FMT_PEM) at gnutls_x509.c:785
#7  0x0804df87 in main (argc=Cannot access memory at address 0x7ed1
) at serv.c:804
#8  0xb7d6fea8 in __libc_start_main () from /lib/tls/libc.so.6
#9  0x0804b011 in _start () at ../sysdeps/i386/elf/start.S:119

So this tells me _gnutls_base64_decode() returns a negative value. Well,
I can't find an obvious error in _gnutls_base64_decode() and decode(),
so I'll try to further investigate that tomorrow.

I masked the key in the backtrace - of course there was also a newline
character every 64 characters.

Greetings,
Felix

-- 
 | /"\   ASCII Ribbon   | Felix M. Palmen (Zirias)    http://zirias.ath.cx/ |
 | \ / Campaign Against | fmp at palmen.homeip.net      encrypted mail welcome |
 |  X    HTML In Mail   | PGP key: http://zirias.ath.cx/pub.txt             |
 | / \     And News     | ED9B 62D0 BE39 32F9 2488 5D0C 8177 9D80 5ECF F683 |
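
In frame #2 of the backtrace above, the decoder is called with header "RSA PRIVATE KEY" on data that starts with "-----BEGIN PRIVATE KEY-----". The following C pre-check is an added example, not code from this mail or from GnuTLS; it reports which PEM label a key buffer actually carries, and the function names and the sample key are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy the label of the first "-----BEGIN <label>-----" line into out.
 * Returns 0 on success, -1 if there is no well-formed BEGIN line.
 * (Hypothetical helper, not a GnuTLS function.) */
static int pem_first_label(const char *pem, size_t len, char *out, size_t outsz)
{
    static const char pre[] = "-----BEGIN ";
    const size_t prelen = sizeof(pre) - 1;
    size_t i, j;

    for (i = 0; i + prelen <= len; i++) {
        /* The armor must start at the beginning of a line. */
        if ((i != 0 && pem[i - 1] != '\n') || memcmp(pem + i, pre, prelen) != 0)
            continue;
        const char *lab = pem + i + prelen;
        size_t rem = len - i - prelen;
        /* Scan to the closing dashes, never past the end of the line. */
        for (j = 0; j + 5 <= rem && lab[j] != '\n' && lab[j] != '\r'; j++) {
            if (memcmp(lab + j, "-----", 5) == 0) {
                if (j == 0 || j >= outsz)
                    return -1;          /* empty or oversized label */
                memcpy(out, lab, j);
                out[j] = '\0';
                return 0;
            }
        }
        return -1;                      /* BEGIN line without closing dashes */
    }
    return -1;
}

/* 1: label equals expected, 0: a different label, -1: no PEM armor found. */
int pem_label_matches(const char *pem, size_t len, const char *expected)
{
    char label[64];
    if (pem_first_label(pem, len, label, sizeof label) != 0)
        return -1;
    return strcmp(label, expected) == 0;
}

int main(void)
{
    /* Constructed sample; the body is masked the same way as in the mail. */
    const char key[] = "-----BEGIN PRIVATE KEY-----\nXXXX\n-----END PRIVATE KEY-----\n";
    printf("RSA PRIVATE KEY: %d\n", pem_label_matches(key, sizeof key - 1, "RSA PRIVATE KEY"));
    printf("PRIVATE KEY:     %d\n", pem_label_matches(key, sizeof key - 1, "PRIVATE KEY"));
    return 0;
}
```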
