Timo Gerke wrote: > Dear List, > > I think I've discoverd an other bug. > Then I generate a CSR signed with an DSA key an verify the request > with openssl the verification fails. > I did: > > a.1) certtool -p --dsa --disable-quick-random --outfile dsakey.pem > a.2) certtool --to-p8 --pkcs-cipher aes-256 --load-privkey dsakey.pem > --outfile dsakey.p8 > b) certtool -8q --load-privkey --load-privkey dsakey.pem --outfile newreq.pem > c) openssl req -verify -noout -in newreq.csr > > Error message is: > 2936:error:0A071066:dsa routines:DSA_do_verify:bad q value:dsa_ossl.c:309: > 2936:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP > lib:a_verify.c:168:
Hello, It seems openssl doesn't support DSA keys of size more than 1024 bits. Use --bits 1024 on your first command and it will work. > BTW the format autodectetion of certtool seems not to work properly. Does it have autodetection? :) regardsm Nikos _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
