[gnutls-dev] libgnutls fails to parse OpenSSL generated certificates

Max Kellermann max at duempel.org
Wed Dec 20 13:53:09 CET 2006

Package: libgnutls13
Version: 1.4.4-3

libgnutls refuses to parse the subject of certificates created by
OpenSSL which have a userid attribute in their subject, i.e. oid
0.9.2342.19200300.100.1.1.  Output of "certtool -i":

|<1>| Found OID: '0.9.2342.19200300.100.1.1' with value
get_dn: ASN1 parser: Error in TAG.

gnutls generates certificates with an "ia5String" uid, while OpenSSL
generates a "printableString".  The latter violates gnutls'
lib/pkix.asn which states:

 -- LDAP stuff
 -- may not be correct
 ldap-UID ::= IA5String

Which is indeed not correct.  ldap-UID should be a DirectoryString.
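
The tag mismatch behind the "Error in TAG" message, as an added example that is not part of the original post or of gnutls: it reads the value tag of a uid AttributeTypeAndValue and checks it against the two schema definitions discussed above. The sample encodings (uid "max"), the `schema` enum and both function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* DER of OID 0.9.2342.19200300.100.1.1 (uid), tag and length included. */
static const unsigned char UID_OID[] =
    { 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01 };

/* Constructed samples: AttributeTypeAndValue { uid, "max" }. */
static const unsigned char ATV_PRINTABLE[] =   /* value tag 0x13, PrintableString */
    { 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64,
      0x01, 0x01, 0x13, 0x03, 'm', 'a', 'x' };
static const unsigned char ATV_IA5[] =         /* value tag 0x16, IA5String */
    { 0x30, 0x11, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64,
      0x01, 0x01, 0x16, 0x03, 'm', 'a', 'x' };

enum schema { UID_IA5STRING, UID_DIRECTORYSTRING };   /* hypothetical names */

/* Return the tag of the uid value, or -1 if the input is not a well-formed
 * uid AttributeTypeAndValue (short-form lengths only, enough for the samples). */
static int uid_value_tag(const unsigned char *p, size_t n)
{
    size_t off = 2 + sizeof UID_OID;            /* offset of the value's tag byte */
    if (n < off + 2 || p[0] != 0x30 || p[1] >= 0x80 || (size_t)p[1] + 2 != n)
        return -1;
    if (memcmp(p + 2, UID_OID, sizeof UID_OID) != 0)
        return -1;
    if (p[off + 1] >= 0x80 || off + 2 + p[off + 1] != n)
        return -1;
    return p[off];
}

/* 1 if the schema's type for ldap-UID admits the encoded value tag,
 * 0 otherwise (the tag-error case). */
static int uid_accepted(const unsigned char *p, size_t n, enum schema s)
{
    int tag = uid_value_tag(p, n);
    if (tag < 0) return 0;
    if (s == UID_IA5STRING)
        return tag == 0x16;                     /* IA5String only */
    /* DirectoryString CHOICE: UTF8, Printable, Teletex, Universal, BMP */
    return tag == 0x0C || tag == 0x13 || tag == 0x14 || tag == 0x1C || tag == 0x1E;
}

int main(void)
{
    printf("PrintableString uid, IA5String schema:       %d\n",
           uid_accepted(ATV_PRINTABLE, sizeof ATV_PRINTABLE, UID_IA5STRING));
    printf("PrintableString uid, DirectoryString schema: %d\n",
           uid_accepted(ATV_PRINTABLE, sizeof ATV_PRINTABLE, UID_DIRECTORYSTRING));
    return 0;
}
```

IA5String (tag 0x16) is not one of the DirectoryString alternatives, so a definition of plain DirectoryString would in turn reject uid values that were already encoded as IA5String.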
