On 10/11/2011 07:30 AM, Nikos Mavrogiannopoulos wrote:
> On Tue, Oct 11, 2011 at 4:24 AM, Erinn Looney-Triggs
> <[email protected]> wrote:
>> I am receiving the following error when trying to use gnutls-cli:
>> gnutls-cli --x509cafile /etc/pki/certmaster/ca.cert --x509keyfile
>> foo.example.com.pem --x509certfile foo.example.com.cert -p 514
>> bar.example.com
>> Processed 1 CA certificate(s).
>> Processed 1 client certificates...
>> *** Error loading key file: Base64 decoding error.
> I suppose it is a base64 decoding error? It could be that there are
> carriage returns, spaces or tabs in the PEM encoded file and gnutls
> 2.8.x doesn't like them.
>
>> I am able to successfully render the private key using openssl:
>> openssl rsa -noout -text -in <key>
> openssl as well as Gnutls 2.12.x are more liberal in PEM (base64) decoding.
>
>> Is there an equivalent command for gnutls?
> Upgrade to 2.12.x or use openssl to convert the file to "correct"
> encoding and then try loading again.
>
> regards,
> Nikos

Thanks, I dug into this further last night. I am no expert in this realm, but it looks like the problem lies in the fact that the key is in PKCS#8 format. With the version of gnutls I have on RHEL 6, certtool will happily decode it automatically via certtool -k; however, gnutls-cli will not, nor in fact will rsyslog, which is what really drove me down this path. Rsyslog simply crashes and core dumps.

Rumor is that there is a gnutls function that will automatically detect/decode pkcs#8 format, but I have yet to find it or fully understand this situation, so I am continuing to look.

Again, if you have any advice I would appreciate it. Upgrading isn't much of an option, at least in the short term; I may be able to coax Red Hat into an upgrade, but I doubt it.

-Erinn
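
A small diagnostic for the two explanations offered in this thread (stray whitespace in the PEM body, or a PKCS#8 container), added here as an example and not part of the original messages. The function name `inspect_pem_key` and the sample inputs are constructed for illustration; legacy encrypted PKCS#1 files with `Proc-Type` headers are not handled.

```python
import base64
import re

# PEM labels mapped to the private-key container they announce.
LABELS = {
    "RSA PRIVATE KEY": "PKCS#1 (traditional RSA)",
    "PRIVATE KEY": "PKCS#8 (unencrypted)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed samples: placeholder DER bytes, not a real key.
SAMPLE_B64 = base64.b64encode(b"\x30\x0a" + bytes(10))
SAMPLE_PKCS8_CRLF = (b"-----BEGIN PRIVATE KEY-----\r\n" + SAMPLE_B64 +
                     b"\r\n-----END PRIVATE KEY-----\r\n")
SAMPLE_PKCS1_CLEAN = (b"-----BEGIN RSA PRIVATE KEY-----\n" + SAMPLE_B64 +
                      b"\n-----END RSA PRIVATE KEY-----\n")


def inspect_pem_key(data: bytes) -> dict:
    """Report the key container and whitespace a strict PEM parser may reject."""
    m = PEM_RE.search(data)
    if m is None:
        return {"format": None, "issues": ["no PEM block found"]}
    label, body = m.group(1).decode(), m.group(2)
    issues = []
    if b"\r" in body:
        issues.append("carriage returns (CRLF line endings)")
    if b"\t" in body:
        issues.append("tab characters")
    if b" " in body:
        issues.append("spaces inside the base64 body")
    # Decode with all whitespace stripped, to tell "formatting" from "corrupt".
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:
        der = b""
        issues.append("body is not valid base64 even after stripping whitespace")
    if der and der[0] != 0x30:
        issues.append("decoded data does not start with a DER SEQUENCE")
    return {"format": LABELS.get(label, "unknown label: " + label), "issues": issues}


if __name__ == "__main__":
    for name, pem in [("pkcs8-crlf", SAMPLE_PKCS8_CRLF),
                      ("pkcs1-clean", SAMPLE_PKCS1_CLEAN)]:
        print(name, inspect_pem_key(pem))
```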
