Curtis Villamizar <cur...@ipv6.occnc.com> writes: > That is OK if using RSA. Doesn't help with EC CA certs.
Yes, because the gnutls_x509_spki_t structure was introduced to cover the use-case of RSA-PSS. The question is why you determine that it's the cause of the failure you are facing; if you are dealing with EC certs, that structure shouldn't be used at all. That's why I'm asking for a reproducer. Aren't you able to achieve the same task with certtool either? See also: https://www.chiark.greenend.org.uk/~sgtatham/bugs.html#symptoms :-) Regards, > Curtis > > > In message <87y2m1cyck.fsf-u...@gnu.org> > Daiki Ueno writes: >> >> Hello Curtis, >> >> Curtis Villamizar <cur...@ipv6.occnc.com> writes: >> >> There are quite a lot here and I can't tell what is the root cause until >> I see the code. Would it be possible to provide a standalone >> reproducer? >> >> > So there are two issues here: >> > >> > 1. No way to fill in a spki struct. I may be missing something. >> >> This one is easy to answer: you can use gnutls_x509_spki_init, >> gnutls_x509_spki_set_rsa_pss_params, and gnutls_x509_spki_deinit. >> >> Regards, >> -- >> Daiki Ueno > > !DSPAM:5f46975d31589564056514466! _______________________________________________ Gnutls-help mailing list Gnutls-help@lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-help