help-gnutls

Re: [Help-gnutls] Key usage violation in certificate


From: Kevin P. Fleming
Subject: Re: [Help-gnutls] Key usage violation in certificate
Date: Fri, 31 Oct 2008 10:29:04 -0500
User-agent: Thunderbird 2.0.0.17 (X11/20080925)

Daniel Kahn Gillmor wrote:

> I can't seem to connect to your server with either openssl or gnutls,
> actually.  Can you?  
> 
> [0 address@hidden ~]$ openssl s_client -showcerts -verify 5 -connect origsvn.digium.com:443
> verify depth is 5
> CONNECTED(00000003)
> depth=1 /C=US/ST=Alabama/L=Huntsville/O=Digium, Inc./OU=Asterisk Development Team/CN=Digium SVN CA/address@hidden
> verify error:num=19:self signed certificate in certificate chain
> verify return:1
> depth=1 /C=US/ST=Alabama/L=Huntsville/O=Digium, Inc./OU=Asterisk Development Team/CN=Digium SVN CA/address@hidden
> verify return:1
> depth=0 /C=US/ST=Alabama/L=Huntsville/O=Digium/OU=Asterisk Development Team/CN=origsvn.digium.com/address@hidden
> verify return:1
> 28424:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
> 28424:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
> [0 address@hidden ~]$ gnutls-cli --verbose  origsvn.digium.com --port 443
> Resolving 'origsvn.digium.com'...
> Connecting to '216.207.245.42:443'...
> - Server's trusted authorities:
>    [0]: C=US,ST=Alabama,L=Huntsville,O=Digium\, Inc.,OU=Asterisk Development Team,CN=Digium SVN CA,address@hidden
> - Successfully sent 0 certificate(s) to server.
> *** Fatal error: A TLS fatal alert has been received.
> *** Received alert [40]: Handshake failed
> *** Handshake has failed
> GNUTLS ERROR: A TLS fatal alert has been received.
> [1 address@hidden ~]$ 

OK, I've attached (hopefully it will make it through the list) a client
cert that will allow TLS negotiation to complete on
https://origsvn.digium.com (although the resulting connection won't be
authorized to do anything).

If the GNUTLS experts can try connecting with this as the client cert
and inform me why GNUTLS reports a key usage violation on the server
cert, that would be awesome :-)


-- 
Kevin P. Fleming
Director of Software Technologies
Digium, Inc. - "The Genuine Asterisk Experience" (TM)

Attachment: gnutlstest-cert.p12
Description: Binary data

