Fatal error: Key usage violation in certificate has been detected
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Sat Oct 24 03:11:42 CEST 2009
Daniel Kahn Gillmor wrote:
>> And if it is the case (and I think that it IS the case), which possibles
>> workarounds exist ?
>
> Maybe there's a GnuTLS priority string you can set to disable usage flag
> checking as a workaround? if there is, i couldn't find it here:
>
> http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#gnutls_priority_set
>
> seems like they should reall use a certificate with the right usage
> flags set, though.
I can see that the certificate allow:
X509v3 Key Usage:
Key Encipherment
and that means it will issue key usage violation for all ciphersuites
except for RSA (not even DHE-RSA, just RSA). Thus the server sending
this certificate must be configured to disable all other ciphersuites.
regards,
Nikos
More information about the Gnutls-devel
mailing list