On 11/10/2011 08:44 PM, Fabrice Gautier wrote: > On Thu, Nov 10, 2011 at 11:16 AM, Nikos Mavrogiannopoulos > <[email protected]> wrote: >> On 11/10/2011 07:48 PM, Fabrice Gautier wrote: >> >>> Ahah, so it happens to work on one of my machines, but not on the other two. >>> The machine were it works is a mac running Lion, the other two are >>> macs running SnowLeopard. >>> I'm recompiling gnutls from source on all of them, openssl is also >>> recompiled (either from source or through macports) so I'm guessing >>> that something went wrong while compiling. On some machine, I used the >>> gmp that came with macport, on others I recompiled myself, so who >>> knows where the problem lies... >>> Is there a way to verify a CSR with gnutls's certtool ? >> >> What do you mean verify a CSR? Verify the self signature? That is being >> done automatically when it is signed. > Ah yes, I see that. Openssl has a command to verify without signing. > The reason I'm not using certtool to generate the request is that I > already had a script to generate certs using openssl. The only reason > I used certtool for the key was that gnutls does not read openssl ec > keys (Thats the issue I reported a few days ago). > After investigating, it appears that the problem lies in gnutls > generating a bad EC key on the BAD system. Both gnutls and openssl (on > both GOOD and BAD systems) will happily generate a CSR using that bad > key, but both will fail the verification when trying to sign the CSR.
Can you send me that (bad) key? What kind of system is the BAD system? regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
