[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Help required for CSR validation
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: Help required for CSR validation |
Date: |
Tue, 24 Nov 2009 21:34:25 +0200 |
User-agent: |
Thunderbird 2.0.0.23 (X11/20090817) |
Wilankar, Trupti wrote:
> Hi,
>
> I have used Certtool from GnuTLS Windows version 2.9.9.
> A 2048 bit private key was generated using Certtool (Command: certtool -p
> --outfile priv.key --bits 2048).
> This private key was used to create CSRs, both on OpenSSL and Certtool. The
> DN fields (C, CN, ST, L, O, OU) used in both CSRs are also same.
Could you also try this patch? I noticed that integers in bit strings in
openssl contain a leading zero. This patch makes certtool behave the same.
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index dc18eaa..50ce873 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -380,14 +380,14 @@ _gnutls_x509_write_rsa_params (bigint_t * params, int
params_size,
return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int (spk, "modulus", params[0], 0);
+ result = _gnutls_x509_write_int (spk, "modulus", params[0], 1);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 0);
+ result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 1);
if (result < 0)
{
gnutls_assert ();
@@ -514,21 +514,21 @@ _gnutls_x509_write_dsa_params (bigint_t * params, int
params_size,
return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int (spk, "p", params[0], 0);
+ result = _gnutls_x509_write_int (spk, "p", params[0], 1);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- result = _gnutls_x509_write_int (spk, "q", params[1], 0);
+ result = _gnutls_x509_write_int (spk, "q", params[1], 1);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
- result = _gnutls_x509_write_int (spk, "g", params[2], 0);
+ result = _gnutls_x509_write_int (spk, "g", params[2], 1);
if (result < 0)
{
gnutls_assert ();
@@ -580,7 +580,7 @@ _gnutls_x509_write_dsa_public_key (bigint_t * params, int
params_size,
return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int (spk, "", params[3], 0);
+ result = _gnutls_x509_write_int (spk, "", params[3], 1);
if (result < 0)
{
gnutls_assert ();
- Help required for CSR validation, Wilankar, Trupti, 2009/11/17
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/18
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/19
- Re: Help required for CSR validation, Simon Josefsson, 2009/11/19
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/20
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/21
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/23
- Re: Help required for CSR validation, Daniel Kahn Gillmor, 2009/11/23
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/24
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/24
- Re: Help required for CSR validation,
Nikos Mavrogiannopoulos <=
- Re: Help required for CSR validation, Boyan Kasarov, 2009/11/24
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/24
- Re: Help required for CSR validation, Boyan Kasarov, 2009/11/24
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/26
- Re: Help required for CSR validation, Nikos Mavrogiannopoulos, 2009/11/27
- RE: Help required for CSR validation, Wilankar, Trupti, 2009/11/25