[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certt
From: |
Michael Rommel |
Subject: |
Re: [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs |
Date: |
Sun, 5 Dec 2010 15:29:42 +0100 |
Hi Nikos,
doing the same patch you suggested in a second location:
Line 1181 in lib/x509/common.c
/* result = asn1_write_value (dst, name, NULL, 0); */
result = asn1_write_value (dst, name, "\x05\x00", 2);
did do the trick. Now the certificate is accepted and displayed for acceptance.
I'll update the info as soon as savannah is reachable again, the last hour or
so, no connection was possible.
Can you please give me a little bit more information, where I can find out more
about the correct parameters?
RFC3279 states:
The ASN.1 object identifier used to identify this signature algorithm
is:
sha-1WithRSAEncryption OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-1(1) 5 }
When any of these three OIDs appears within the ASN.1 type
AlgorithmIdentifier, the parameters component of that type SHALL be
the ASN.1 type NULL.
The RSA signature generation process and the encoding of the result
is described in detail in PKCS #1 [RFC 2313].
So it is a SHOULD. But can you leave it out or what can you do, when you don't
want to follow the SHOULD route?
I'd try to take the info to the openssl team and Apple because it would be
their part now... But if the behaviour is not defined how to handle the
non-SHOULD way it would make it difficult.
What's you opinion on that?
Thanks a lot!
Michael.
On 5. Dec 2010, at 11:20 , Nikos Mavrogiannopoulos wrote:
>
> Follow-up Comment #7, sr #107540 (project gnutls):
>
> Could you try the attached patch, on whether generates certificates that are
> accepted by the devices?
>
> (file #22126)
> _______________________________________________________
>
> Additional Item Attachment:
>
> File name: patch.txt Size:0 KB
>
>
> _______________________________________________________
>
> Reply to this item at:
>
> <http://savannah.gnu.org/support/?107540>
>
> _______________________________________________
> Message sent via/by Savannah
> http://savannah.gnu.org/
>
--
Michael Rommel, Erlangen, Germany
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, (continued)
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Nikos Mavrogiannopoulos, 2010/12/05
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Nikos Mavrogiannopoulos, 2010/12/05
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Andreas Metzler, 2010/12/05
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Michael Rommel, 2010/12/05
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Nikos Mavrogiannopoulos, 2010/12/05
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Nikos Mavrogiannopoulos, 2010/12/05
- Message not available
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Michael Rommel, 2010/12/05
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Michael Rommel, 2010/12/05
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Michael Rommel, 2010/12/08
- [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Nikos Mavrogiannopoulos, 2010/12/08
- Re: [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs,
Michael Rommel <=
- Re: [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Nikos Mavrogiannopoulos, 2010/12/05
- Re: [sr #107540] iPhone/iPad TLS negotiation to postfix fails with certtool certs, works with openssl certs, Michael Rommel, 2010/12/06