On Wednesday 30 March 2005 20:01, Andreas Thienemann wrote:
> On Wed, 30 Mar 2005, Nikos Mavrogiannopoulos wrote:
> >> From my understanding of x509 keys, this means that the certificate is
> >> used in a way which does not correspond with the allowed usage cases.
> > Correct. Gnutls checks the key usage X.509 certificate extension.
> > That is, for example, if the RSA key is marked encrypt only, you cannot
> > use the DHE_RSA algorithm that requires signing.
> Which extension exactly is checked?
> key usage and extended key usage?

Key usage.

> > Use the output of certtool or the -text output of openssl x509. Try
> > ./certtool -i <server.crt
> Okay. certtool seems to have some problems recognizing some extensions as

They are private extensions.

> only numbers are shown and to have some problems with the DER parsing.

I will try to check this problem.

> But one of the recognized key purpose seems okay to me: TLS WWW Server.

The key purpose is ok. The key usage is not.

> Key usage:
>   Key encipherment.

This only works with plain RSA cipher suites. That means that your server MUST NOT use DHE_RSA, which is a signing ciphersuite.

> Besides the fact that this should be valid for all kind of TLS servers, it
> looks okay to me.

No, this is not valid for all TLS servers. Only for the ones that use plain RSA.

> Additionally the key usage "Key encipherment" should be okay as well, that
> is if I understand the different usages correctly.

You need the digital signature flag in order to use the DHE_RSA and RSA_EXPORT ciphersuites.

> > gnutls does not check the purpose, but rather the key usage.
> _ONLY_ the key usage?

Only the key usage. The key purpose is quite high level and should be checked at the application level.

> Then I do not understand the problem.
> According to
> http://www.dfn-pca.de/certify/ssl/handbuch/ossl095/ossl095-4.html#s-gebr-keyusage
> (german stuff about the dfc cert) ssl servers need "key encipherment"
> set.

I didn't read it but probably they talk about the RSA ciphersuites. So just disable the DHE_RSA ciphersuites in your server. Usually it is a good practice to limit the scope of the key to signature or encryption only to avoid certain kinds of attacks.

> bye,
> andreas

-- 
Nikos Mavrogiannopoulos
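
Added example, not part of the original message and not GnuTLS code: a Python check that decodes the DER BIT STRING of a keyUsage extension and reports which enabled key exchanges (RSA, DHE_RSA, RSA_EXPORT) the certificate cannot serve, using the requirements stated in the reply above. The function names, the sample byte strings, and the treatment of a missing extension as unrestricted are assumptions of this example.

```python
# Added example (not GnuTLS code): map a keyUsage value to the key exchanges
# named in the thread.

# Bit names in RFC 5280 order; bit 0 is the MSB of the first content byte.
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly"]

# Key usage bit each key exchange needs, as stated in the thread.
REQUIRED = {"RSA": "keyEncipherment", "DHE_RSA": "digitalSignature",
            "RSA_EXPORT": "digitalSignature"}


def parse_key_usage(der):
    """Decode the DER BIT STRING inside a keyUsage extension into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    nbits = len(body) * 8 - unused
    return {KU_BITS[i] for i in range(min(nbits, len(KU_BITS)))
            if body[i // 8] & (0x80 >> (i % 8))}


def allowed_key_exchanges(usage):
    """usage is a set of bit names, or None when the extension is absent
    (treated as unrestricted here, an assumption of this example)."""
    if usage is None:
        return set(REQUIRED)
    return {kx for kx, bit in REQUIRED.items() if bit in usage}


def misconfigured(ku_der, enabled):
    """Return the enabled key exchanges that the key usage does not permit."""
    usage = parse_key_usage(ku_der) if ku_der is not None else None
    return sorted(set(enabled) - allowed_key_exchanges(usage))


# Constructed sample values (not taken from the poster's certificate).
ENCIPHER_ONLY = bytes.fromhex("03020520")      # keyEncipherment
SIGN_AND_ENCIPHER = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for label, ku in [("encipher only", ENCIPHER_ONLY), ("sign+encipher", SIGN_AND_ENCIPHER)]:
        print(label, sorted(parse_key_usage(ku)), "->", misconfigured(ku, ["RSA", "DHE_RSA"]))
```
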
