[gnutls-dev] Certificate with get_issuer_dn and get_dn failing with ASN1 parser: Error in TAG

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Oct 8 11:07:35 CEST 2007

On Monday 08 October 2007, Tim Kosse wrote:
> Hi,

> I've encountered a certificate which cannot be parsed correctly with
> GnuTLS 2.0.1
> Using certtool -i on the attached certificate prints the following two
> error messages:
> error: get_issuer_dn: ASN1 parser: Error in TAG
> error: get_dn: ASN1 parser: Error in TAG.

Indeed, there is an error in the TAG of this value (Pkcs9email). Your 
certificate contains a Printable string instead of the (correct) IA5String. 
openssl seems to ignore this error but we don't :)

Which program did it generate the certificate? (pkcs9email is deprecated 
anyway). I will update the parser to display the value in hex if it had 
problems to decode it.


More information about the Gnutls-devel mailing list