On Thu, Nov 10, 2011 at 12:08 PM, Nikos Mavrogiannopoulos <[email protected]> wrote:
> On 11/10/2011 08:58 PM, Nikos Mavrogiannopoulos wrote:
>
>>>> What do you mean verify a CSR? Verify the self signature? That is being
>>>> done automatically when it is signed.
>>> Ah yes, I see that. Openssl has a command to verify without signing.
>>> The reason I'm not using certtool to generate the request is that I
>>> already had a script to generate certs using openssl. The only reason
>>> I used certtool for the key was that gnutls does not read openssl ec
>>> keys (That's the issue I reported a few days ago).
>>> After investigating, it appears that the problem lies in gnutls
>>> generating a bad EC key on the BAD system. Both gnutls and openssl (on
>>> both GOOD and BAD systems) will happily generate a CSR using that bad
>>> key, but both will fail the verification when trying to sign the CSR.
>> Can you send me that (bad) key? What kind of system is the BAD system?
>
> I just noticed it was attached. It is indeed incorrect. Did you run
> "make check" on the gnutls source on that system? Could you provide
> information about the CPU (32-bit/64-bit, endianness etc.).
>
The bad systems are a MacBook Pro (Intel Core i7 / MacBookPro6,2) and
a Mac Pro (Quad-Core Intel Xeon / MacPro4,1), both running Snow Leopard (10.6.8)
Those are using gnutls 3.0.7
Those register as x86_64-apple-darwin10.8.0

The good system is an iMac (Intel Core i7 / iMac12,2) running Lion (10.7.2)
This is with gnutls 3.0.5
This one registers as x86_64-apple-darwin11.2.0

I had to disable assembly and hardware acceleration for nettle and
gnutls because assembly would not compile.

make check failed in all cases with
"../gl/getopt.h:197: error: redefinition of 'struct option'"

--
Fabrice

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
