[gnutls-devel] certificate I can't import

Andreas Metzler ametzler at bebt.de
Sat Aug 15 14:28:09 CEST 2015

On 2015-08-15 Kurt Roeckx <kurt at roeckx.be> wrote:
> I didn't have time yet to look into this myself, but I have a
> bunch of certificates I can't import it with
> gnutls_x509_crt_import().  I can perfectly read them with openssl
> and can't see anything obvious wrong with them at a first look.
> Can someone look at this?  I've attached an example.


ametzler at argenau:/tmp$ certtool --infile=/tmp/fail.pem -i --debug=4711
Setting log level to 4711
|<2>| Unknown SIGN OID: '1.2.840.113549.1.1.1'
|<2>| signatureAlgorithm.algorithm differs from tbsCertificate.signature.algorithm: RSA-SHA1, (null)

1.2.840.113549.1.1.1 is "rsaEncryption", I *guess* that is not a valid
signature algoritm, it should read somethigng like sha1WithRSAEncryption.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Gnutls-devel mailing list