On 11/10/2011 08:58 PM, Nikos Mavrogiannopoulos wrote: >>> What do you mean verify a CSR? Verify the self signature? That is being >>> done automatically when it is signed. >> Ah yes, I see that. Openssl has a command to verify without signing. >> The reason I'm not using certtool to generate the request is that I >> already had a script to generate certs using openssl. The only reason >> I used certtool for the key was that gnutls does not read openssl ec >> keys (Thats the issue I reported a few days ago). >> After investigating, it appears that the problem lies in gnutls >> generating a bad EC key on the BAD system. Both gnutls and openssl (on >> both GOOD and BAD systems) will happily generate a CSR using that bad >> key, but both will fail the verification when trying to sign the CSR. > Can you send me that (bad) key? What kind of system is the BAD system?
I just noticed it was attached. It is indeed incorrect. Did you run "make check" on the gnutls source on that system? Could you provide information about the CPU (32-bit/64-bit, endianness etc.). regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
