Re: Test failure of ‘chainverify’

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Mar 11 12:42:04 CET 2010


Hi,
 There has been some change in the verification code and might be
related. I'll check it this evening.

regards,
Nikos


On Thu, Mar 11, 2010 at 12:28 PM, Ludovic Courtès <ludo at gnu.org> wrote:
> Hello,
>
> The ‘chainverify’ test currently fails with the latest libtasn1 and
> libgcrypt:
>
> --8<---------------cut here---------------start------------->8---
> Chain 'verisign.com v1 fail' (1)...
>        Adding certificate 0...done
>        Certificate 0: subject `serialNumber=2497886,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,C=US,2.5.4.17=#14053934303433,ST=California,L=Mountain View,STREET=487 East Middlefield Road,O=VeriSign\, Inc.,OU=Production Security Services,OU=Terms of use at www.verisign.com/rpa (c)06,CN=www.verisign.com', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using RSA-SHA1, activated `2007-05-09 00:00:00 UTC', expires `2009-05-08 23:59:59 UTC', SHA-1 fingerprint `c6750e8da95f5a65bb046d6079d4fc87402e0381'
>        Adding certificate 1...done
>        Certificate 1: subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA', issuer `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-08 00:00:00 UTC', expires `2016-11-07 23:59:59 UTC', SHA-1 fingerprint `4a8a2a0e276ff33b5dd88a362146010f2a8b6aee'
>        Adding certificate 2...done
>        Certificate 2: subject `C=US,O=VeriSign\, Inc.,OU=VeriSign Trust Network,OU=(c) 2006 VeriSign\, Inc. - For authorized use only,CN=VeriSign Class 3 Public Primary Certification Authority - G5', issuer `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-11-08 00:00:00 UTC', expires `2021-11-07 23:59:59 UTC', SHA-1 fingerprint `7e7e026f71bfe7bbc7e7e5c591b1915cb6684e6c'
>        Adding certificate 3...done
>        Certificate 3: subject `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority', issuer `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority', RSA key 1024 bits, signed using RSA-MD2 (broken!), activated `1996-01-29 00:00:00 UTC', expires `2028-08-01 23:59:59 UTC', SHA-1 fingerprint `742c3192e607e424eb4549542be1bbc53e6174e2'
>        Adding CA certificate...done
>        CA Certificate: subject `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority', issuer `C=US,O=VeriSign\, Inc.,OU=Class 3 Public Primary Certification Authority|<2>| ASSERT: verify.c:181
> |<2>| ASSERT: verify.c:313
> |<2>| ASSERT: verify.c:482
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:1211
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> |<2>| ASSERT: dn.c:304
> --8<---------------cut here---------------end--------------->8---
>
> (From <http://hydra.nixos.org/build/321623>.)
>
> Ideas?
>
> Thanks,
> Ludo’.
>
>
>
> _______________________________________________
> Gnutls-devel mailing list
> Gnutls-devel at gnu.org
> http://lists.gnu.org/mailman/listinfo/gnutls-devel
>





More information about the Gnutls-devel mailing list