[gnutls-devel] GnuTLS | certtool --generate-self-signed returns crt_sign: ASN1 parser: Value is not valid. (#1144)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Jan 7 20:12:21 CET 2021
Eirik Øverby created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1144
## Description of problem:
When using --generate-privkey with subsequent --generate-self-signed, certtool returns
crt_sign: ASN1 parser: Value is not valid.
## Version of gnutls used:
gnutls-3.6.15
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
FreeBSD (official package repos for 12.2, and self-built for 12.2 and CURRENT)
## How reproducible:
Every time
Steps to Reproduce:
* echo "cn = localhost" > foo
* certtool --generate-privkey --outfile key.pem
* certtool --generate-self-signed --load-privkey key.pem --template foo --outfile cert.pem
## Actual results:
Adding -d 9999 -VVVVV, we get:
```
Generating a 3072 bit RSA private key...
Setting log level to 9999
Generating a self signed certificate...
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_issuer_unique_id]:3995
|<3>| ASSERT: x509.c[gnutls_x509_crt_get_subject_unique_id]:3945
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
|<3>| ASSERT: mpi.c[wrap_nettle_mpi_print]:60
X.509 Certificate Information:
Version: 3
Serial Number (hex): 1fbcd9fed9ca1aaedb8882209f96bcded324d777
Validity:
Not Before: Thu Jan 07 19:10:27 UTC 2021
Not After: Fri Jan 07 19:10:27 UTC 2022
Subject: CN=localhost
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (3072 bits)
Modulus (bits 3072):
00:bd:80:78:84:48:61:ab:3b:5d:72:55:4f:af:88:9b
17:0c:04:f9:13:b8:b1:89:d0:e2:9b:f2:dc:49:91:a5
8f:f8:11:f0:06:40:c0:25:d5:43:a3:5b:99:fa:f6:a2
06:00:7f:4c:c2:7c:6e:e5:3d:dd:7f:75:b9:71:83:7a
a8:62:69:03:b1:2f:76:a1:21:bb:05:34:05:be:67:e2
ed:be:ed:e0:c6:2f:18:7a:4e:85:97:81:50:79:9c:d9
af:b1:ab:27:68:d1:3f:a9:94:22:ff:a8:eb:72:45:90
c1:ac:ca:ef:c9:da:bb:2c:6d:a3:a4:f6:d1:3b:9d:bf
d9:1a:c4:2f:2e:ed:8a:96:1c:fb:14:03:ca:8e:f5:51
94:76:08:e0:75:d0:3d:36:ae:95:4f:56:73:4f:18:6f
58:2b:94:01:a9:df:06:f0:c4:07:be:3e:bb:20:c6:dc
7a:bb:6a:04:20:d4:9d:37:59:8c:47:cd:49:37:f7:cc
18:92:4f:3c:6b:38:23:87:14:14:26:ff:98:b3:e0:9e
a2:29:32:4f:27:1d:85:02:62:05:7d:45:a8:e4:eb:10
dc:75:55:9a:32:d1:30:fb:a8:e2:3d:a9:05:85:38:c1
0c:8d:c6:6d:10:3a:bc:9b:21:a9:21:c7:3a:21:be:b0
e0:83:4c:35:44:dd:8b:4d:34:ac:18:d7:14:e6:64:fb
43:cc:57:bd:d1:d6:85:73:16:25:e9:f0:3f:12:22:27
51:ca:0c:85:b6:01:e1:60:4b:14:29:e3:41:0c:aa:b0
48:c7:86:be:02:1a:36:87:b6:69:41:dd:ea:74:ee:41
f7:2d:9e:1b:0d:c2:b9:5f:8c:d2:3a:e1:40:57:3f:2d
51:bf:e1:12:92:ef:cb:b7:b8:05:2c:0c:e8:a9:66:1c
b3:ea:64:90:d7:8b:24:c8:c1:e5:0f:15:94:63:46:ef
a6:e8:9a:5f:80:34:26:b3:fc:73:fe:74:12:48:f3:83
a7
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Key Identifier (not critical):
2d3b81b3d6373615164f93815555d2858201da81
Other Information:
Public Key ID:
sha1:2d3b81b3d6373615164f93815555d2858201da81
sha256:eec2fd786efb96250a8ba29bfa132ec60aedd8e15eb650eb030a28866ef7fe60
Public Key PIN:
pin-sha256:7sL9eG77liUKi6Kb+hMuxgrt2OFetlDrAwoohm73/mA=
Signing certificate...
|<2>| signing structure using RSA-SHA256
|<3>| ASSERT: common.c[_gnutls_x509_der_encode]:855
|<3>| ASSERT: sign.c[_gnutls_x509_pkix_sign]:174
|<3>| ASSERT: x509_write.c[gnutls_x509_crt_privkey_sign]:1834
crt_sign: ASN1 parser: Value is not valid.
```
## Expected results:
A self-signed certificate.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1144
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210107/cdc43558/attachment-0001.html>
More information about the Gnutls-devel
mailing list