Bug#403072: [Pkg-gnutls-maint] Re: Bug#403072: exim4-daemon-light fails to use equifax SSL cert/key obtained from "1&1" hosting

James Westby jw+debian at jameswestby.net
Fri Dec 15 19:24:28 CET 2006


On (15/12/06 02:56), Felix Palmen wrote:
> Hello James,
> 
> The error was thrown from x509_b64.c:449. The reason was very obvious
> then: My key just starts with -----BEGIN PRIVATE KEY----- (no RSA or
> DSA).
> 
> After a little research, I found that this could mean it's in PKCS#8
> format. Indeed, I could convert it using OpenSSL's pkcs8 module and
> GnuTLS works fine with the converted RSA key.

That's great, thanks. Your explanation sounds right to me.

> 
> So the problem is just that GnuTLS doesn't understand keys in PKCS#8
> format. Maybe this should get mentioned in README.

However I think there is still a bug. GnuTLS can create PKCS#8 keys
(certtool -p -8), so I think it should be able to read them. I just
generated one with the above command, and then certtool -k failed with a
base64 decoding error.

So this bug should be to add support for reading PKCS#8 keys, or at the
very least give a sensible error message.

Have you got your certificate up and running with the converted one now?

Thanks,

James

-- 
  James Westby   --    GPG Key ID: B577FE13    --     http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256
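
The format distinction discussed in this thread, as an added example that is not part of the original message or of GnuTLS: a check that classifies a private key by both its PEM label and its DER structure and returns a usable diagnostic instead of a base64 decoding error. The function names and the two sample blobs are constructed for illustration (the samples are not real keys), and the reader is assumed to accept only traditional keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# What each PEM label announces about the private-key encoding.
LABELS = {"RSA PRIVATE KEY": "traditional", "DSA PRIVATE KEY": "traditional",
          "PRIVATE KEY": "pkcs8", "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}

def _tlv(der, pos):
    """Read one DER header at pos; return (tag, content_start, content_end)."""
    tag, length = der[pos], der[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def der_shape(der):
    """Classify by ASN.1 structure alone, ignoring the PEM label."""
    tag, start, _ = _tlv(der, 0)
    if tag != 0x30:
        return "unknown"
    first, _, first_end = _tlv(der, start)
    if first == 0x30:   # EncryptedPrivateKeyInfo: AlgorithmIdentifier comes first
        return "pkcs8-encrypted"
    if first != 0x02:   # both other forms begin with an INTEGER version
        return "unknown"
    second, _, _ = _tlv(der, first_end)
    # PrivateKeyInfo: version then AlgorithmIdentifier; traditional: version then INTEGER
    return {0x30: "pkcs8", 0x02: "traditional"}.get(second, "unknown")

def diagnose(pem_text):
    """Return (label_kind, der_kind, message) for the first PEM block."""
    m = PEM_RE.search(pem_text)
    if not m:
        return None, None, "no PEM block found"
    label_kind = LABELS.get(m.group(1), "unknown")
    try:
        der_kind = der_shape(base64.b64decode(m.group(2)))
    except (ValueError, IndexError):
        return label_kind, None, "PEM body is not valid base64/DER"
    if der_kind.startswith("pkcs8"):
        return label_kind, der_kind, "PKCS#8 key: convert to the traditional format first"
    return label_kind, der_kind, f"{der_kind} key"

def make_pem(label, der_hex):  # builds constructed sample input, not real keys
    body = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

PKCS8_SAMPLE = make_pem("PRIVATE KEY", "3017020100300d06092a864886f70d01010105000403010203")
RSA_SAMPLE = make_pem("RSA PRIVATE KEY", "3006020100020105")
```

Checking the DER structure as well as the label catches files whose header was edited by hand to match what a tool expects.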




