Hello, 6 décembre 2019 04:54 "Nikos Mavrogiannopoulos" <[email protected]> a écrit:
> You may want to check your gnutls version. This template option was > added at 3.5.3. > Nevertheless, I use a Debian Buster with gnutls 3.6.7 Here is a gist with the script and template files I use for my demonstration: https://gist.github.com/babelouest/0c5076462d52f8ecf7c33c9862681687 The log file output is attached, and more specifically, the client certificate output is: Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 736c577633f2962c130569396e9c8532394975ea Validity: Not Before: Fri Dec 06 14:30:20 UTC 2019 Not After: Fri Nov 20 14:30:20 UTC 2020 Subject: C=CA,O=babelouest,OU=Authenticator Attestation,CN=glewlwyd_packed Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 3d:ca:36:10:58:e0:f0:49:cc:61:47:57:ac:ee:83:60 45:29:c2:23:ab:50:1f:00:50:1b:9e:8e:51:e4:e7:8d Y: 58:e4:9c:5f:81:c0:dd:d7:44:8b:c9:a2:b4:04:48:16 d0:f1:86:46:d2:b5:2b:be:9b:f5:ce:76:af:3a:65:e7 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 945473da3bfe497d2b712dc3cef6e4a692be8b29 Authority Key Identifier (not critical): 6e245f7b8f84bb602631dc9b3a33af2fb58670f3 Other Information: Public Key ID: sha1:945473da3bfe497d2b712dc3cef6e4a692be8b29 sha256:9cccc45cc2996175ed3567a0033ef413309228d78b5364b8270ad962f14d49a0 Public Key PIN: pin-sha256:nMzEXMKZYXXtNWegAz70EzCSKNeLU2S4JwrZYvFNSaA=
Generate test certificates certtool 3.6.7 Copyright (C) 2000-2019 Free Software Foundation, and others, all rights reserved. This is free software. It is licensed for use, modification and redistribution under the terms of the GNU General Public License, version 3 or later <http://gnu.org/licenses/gpl.html> Please send bug reports to: <[email protected]> Generate CA Private key Generating a 3072 bit RSA private key... Generate CA Certificate Generating a PKCS #10 certificate request... Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 23af052a366a6aadd098a8d9a2a7e353d84ee428 Validity: Not Before: Fri Dec 06 14:30:20 UTC 2019 Not After: Fri Nov 05 14:30:20 UTC 2021 Subject: O=babelouest,CN=glewlwyd_packed_ca Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): 00:da:84:62:e6:5c:dd:b5:18:ee:2d:c4:3a:0e:b0:eb 28:bd:db:d5:03:7f:10:3a:00:98:bb:de:66:bc:c7:29 60:8a:4a:a2:dc:e4:ac:e0:fe:c1:48:25:cb:6b:c5:5f 90:05:16:4a:0c:15:c7:1c:a0:07:41:86:0e:b8:33:65 79:fa:9b:cf:5b:72:71:4d:72:2f:b3:a7:1a:c1:62:bd 4e:ec:d6:90:02:38:34:48:fd:3c:26:21:2e:cd:3d:b1 01:70:41:f3:6c:3f:86:06:0c:bb:89:47:b3:9a:6f:c5 e8:4c:ad:b9:02:dd:77:1c:5a:54:dc:01:9d:ca:b5:8f a9:22:6a:3a:cf:87:d2:b9:52:58:0f:b3:f5:2b:57:16 41:e1:92:63:e9:1c:3b:3e:28:f1:49:58:78:74:e6:7f 34:d5:22:cd:0a:5d:f2:4e:c0:13:b0:57:32:c1:44:23 90:07:70:e6:72:b8:ca:9f:1a:f4:f6:4e:55:69:6d:e1 8a:3a:77:cb:e6:ee:22:2a:c7:c6:15:7b:c0:5d:19:39 e8:87:d4:d3:e0:f7:2e:99:9b:73:93:e8:88:e8:05:73 3d:37:53:50:f4:90:27:8d:09:da:cf:be:d8:48:fe:30 84:2a:c8:f2:7d:79:ec:b6:f6:d9:29:f0:35:af:33:2f 0c:59:69:1c:3e:ce:12:b0:64:6a:4c:30:be:bd:c7:a4 fc:d4:92:9b:af:ea:72:6f:50:69:2e:21:46:ff:15:ec 1d:53:40:99:99:c4:cf:0d:18:26:9a:cc:89:bd:aa:a9 14:ad:87:ef:e9:58:a0:0b:97:4e:75:d5:e5:d7:b8:8f 3c:ee:5c:e8:3d:85:8a:8f:1c:ea:91:b6:94:bf:fd:b4 15:4d:1c:1b:e7:8a:ec:a4:0b:26:fb:97:34:e2:c0:b3 c9:ae:ea:65:31:61:d6:ac:02:9a:18:1f:c5:16:10:56 1f:69:f0:3b:d7:8e:4e:02:5e:54:de:18:2c:b3:3b:1f bd Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): TRUE Key Usage (critical): Certificate signing. Subject Key Identifier (not critical): 6e245f7b8f84bb602631dc9b3a33af2fb58670f3 Other Information: Public Key ID: sha1:6e245f7b8f84bb602631dc9b3a33af2fb58670f3 sha256:09322bb658f3eafa35d37e46b5e734a400f6ba68f914a2b48a9f8d3ede27386f Public Key PIN: pin-sha256:CTIrtljz6vo1035Gtec0pAD2umj5FKK0ip+NPt4nOG8= Signing certificate... Generate Client private key Generating a 256 bit EC/ECDSA private key ... Generate Client signed certificate Generating a PKCS #10 certificate request... Generating a signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 736c577633f2962c130569396e9c8532394975ea Validity: Not Before: Fri Dec 06 14:30:20 UTC 2019 Not After: Fri Nov 20 14:30:20 UTC 2020 Subject: C=CA,O=babelouest,OU=Authenticator Attestation,CN=glewlwyd_packed Subject Public Key Algorithm: EC/ECDSA Algorithm Security Level: High (256 bits) Curve: SECP256R1 X: 3d:ca:36:10:58:e0:f0:49:cc:61:47:57:ac:ee:83:60 45:29:c2:23:ab:50:1f:00:50:1b:9e:8e:51:e4:e7:8d Y: 58:e4:9c:5f:81:c0:dd:d7:44:8b:c9:a2:b4:04:48:16 d0:f1:86:46:d2:b5:2b:be:9b:f5:ce:76:af:3a:65:e7 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Key Usage (critical): Digital signature. Subject Key Identifier (not critical): 945473da3bfe497d2b712dc3cef6e4a692be8b29 Authority Key Identifier (not critical): 6e245f7b8f84bb602631dc9b3a33af2fb58670f3 Other Information: Public Key ID: sha1:945473da3bfe497d2b712dc3cef6e4a692be8b29 sha256:9cccc45cc2996175ed3567a0033ef413309228d78b5364b8270ad962f14d49a0 Public Key PIN: pin-sha256:nMzEXMKZYXXtNWegAz70EzCSKNeLU2S4JwrZYvFNSaA= Signing certificate...
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
