Help required for CSR validation

Boyan Kasarov bkasarov at gmail.com
Tue Nov 24 20:54:22 CET 2009


Hello,

This patch works for RSA, but doesn't for DSA.

Greetings
Boyan

At 21:34 +0200 on 24.11.2009 (Tue), Nikos Mavrogiannopoulos wrote:
> Wilankar, Trupti wrote:
> > Hi,
> > 
> > I have used Certtool from GnuTLS Windows version 2.9.9.
> > A 2048 bit private key was generated using Certtool (Command: certtool -p --outfile priv.key --bits 2048). 
> > This private key was used to create CSRs, both on OpenSSL and Certtool. The DN fields (C, CN, ST, L, O, OU) used in both CSRs are also the same.
> 
> Could you also try this patch? I noticed that integers in bit strings in
> openssl contain a leading zero. This patch makes certtool behave the same.
> 
> Plain text document attachment (patch-int)
> diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
> index dc18eaa..50ce873 100644
> --- a/lib/x509/mpi.c
> +++ b/lib/x509/mpi.c
> @@ -380,14 +380,14 @@ _gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
>        return _gnutls_asn2err (result);
>      }
>  
> -  result = _gnutls_x509_write_int (spk, "modulus", params[0], 0);
> +  result = _gnutls_x509_write_int (spk, "modulus", params[0], 1);
>    if (result < 0)
>      {
>        gnutls_assert ();
>        goto cleanup;
>      }
>  
> -  result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 0);
> +  result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 1);
>    if (result < 0)
>      {
>        gnutls_assert ();
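
Review bot: The bare 1 now passed as the last argument in the "modulus" and "publicExponent" calls does not say what it selects. The accompanying message gives the intent as a leading zero like the one OpenSSL writes; please confirm that the flag adds the zero octet only when the value's top bit is set, since a DER INTEGER has to stay minimal, and put a one-line comment or a named constant at these call sites.
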
> @@ -514,21 +514,21 @@ _gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
>        return _gnutls_asn2err (result);
>      }
>  
> -  result = _gnutls_x509_write_int (spk, "p", params[0], 0);
> +  result = _gnutls_x509_write_int (spk, "p", params[0], 1);
>    if (result < 0)
>      {
>        gnutls_assert ();
>        goto cleanup;
>      }
>  
> -  result = _gnutls_x509_write_int (spk, "q", params[1], 0);
> +  result = _gnutls_x509_write_int (spk, "q", params[1], 1);
>    if (result < 0)
>      {
>        gnutls_assert ();
>        goto cleanup;
>      }
>  
> -  result = _gnutls_x509_write_int (spk, "g", params[2], 0);
> +  result = _gnutls_x509_write_int (spk, "g", params[2], 1);
>    if (result < 0)
>      {
>        gnutls_assert ();
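
Review bot: The "p", "q" and "g" changes come with no test, and the reply at the top of this thread reports that the patch works for RSA but not for DSA. Before this goes in, compare the DER these three calls produce with the same fields in an OpenSSL-generated DSA request, and keep that comparison as a regression test.
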
> @@ -580,7 +580,7 @@ _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
>        return _gnutls_asn2err (result);
>      }
>  
> -  result = _gnutls_x509_write_int (spk, "", params[3], 0);
> +  result = _gnutls_x509_write_int (spk, "", params[3], 1);
>    if (result < 0)
>      {
>        gnutls_assert ();
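
Review bot: In `_gnutls_x509_write_int (spk, "", params[3], 1)` neither the empty element name nor the index 3 is explained. A short comment naming the DSA value held in params[3] and what the empty name refers to would make the line reviewable on its own. With this change all six calls in the patch pass the same flag, so consider whether the behaviour belongs inside _gnutls_x509_write_int instead of at each call site.
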
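
The leading zero discussed in the quoted reply follows from DER INTEGER being a signed, two's complement type: a positive value whose top bit is set needs one 0x00 octet in front. The sketch below is an added example, not code from GnuTLS or from the patch; `der_encode_uint` is a hypothetical helper and the sample value is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode an unsigned big-endian magnitude as a DER INTEGER (tag 0x02).
 * Returns the number of octets written, or 0 if out is too small or the
 * content would exceed 65535 octets. Hypothetical helper for illustration. */
size_t der_encode_uint(const uint8_t *mag, size_t mag_len,
                       uint8_t *out, size_t out_cap)
{
    static const uint8_t zero = 0x00;

    /* DER requires the shortest form: drop redundant leading zero octets. */
    while (mag_len > 1 && mag[0] == 0x00) { mag++; mag_len--; }
    /* The value zero is encoded as a single 0x00 content octet. */
    if (mag_len == 0) { mag = &zero; mag_len = 1; }

    /* A set top bit would be read as a negative number, so a positive
     * value gets one 0x00 pad octet; values with a clear top bit get none. */
    size_t pad = (mag[0] & 0x80) ? 1 : 0;
    size_t content_len = mag_len + pad;
    if (content_len > 0xFFFF) return 0;

    /* Short-form length below 128, otherwise long form (0x81 or 0x82). */
    size_t len_octets = content_len < 0x80 ? 1 : (content_len <= 0xFF ? 2 : 3);
    size_t total = 1 + len_octets + content_len;
    if (total > out_cap) return 0;

    size_t i = 0;
    out[i++] = 0x02;
    if (len_octets == 2) out[i++] = 0x81;
    if (len_octets == 3) { out[i++] = 0x82; out[i++] = (uint8_t)(content_len >> 8); }
    out[i++] = (uint8_t)(content_len & 0xFF);
    if (pad) out[i++] = 0x00;
    memcpy(out + i, mag, mag_len);
    return total;
}

int main(void)
{
    /* Constructed sample: a two-octet value with the top bit set. */
    const uint8_t v[] = { 0xC3, 0x5B };
    uint8_t out[8];
    size_t n = der_encode_uint(v, sizeof v, out, sizeof out);
    for (size_t k = 0; k < n; k++) printf("%02X ", out[k]);
    printf("\n");
    return 0;
}
```
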