Re: "known in advance" public key authentication?
From: Ivan Shmakov
Subject: Re: "known in advance" public key authentication?
Date: Mon, 19 Nov 2012 14:09:21 +0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux)

>>>>> Nikos Mavrogiannopoulos <address@hidden> writes:
>>>>> On 11/13/2012 09:01 PM, Ivan Shmakov wrote:

[…]

 >> Then, however, gnutls_handshake () fails with
 >> GNUTLS_E_PK_SIG_VERIFY_FAILED. Do I understand it correctly that
 >> such an error points to some bug in the certificate signing part?

 > It means that the TLS signature in the session cannot be verified
 > using the provided certificate.

	ACK, thanks.

 > Could it be a mismatch between your certificate and the private key?
 > Did you try with certtool generated certificates?

	I did it the other way around: added a gnutls_x509_crt_export ()
	call to my code, and investigated the result with certtool(1).

 > I'd suggest to increase verbosity in order to find out what is the
 > actual reason of failure.

	The problem was that I've embedded the key pairs into the code
	roughly as follows:

    char x[]
      = ("\x1337\xcafe" ...);

	Somewhat surprisingly, the compiler interpreted that as:

    char x[]
      = { 0x1337, 0xcafe, ... };  /* IOW, { 0x37, 0xfe, ... } */

	instead of the intended:

    char x[]
      = { 0x13, '3', '7', 0xca, 'f', 'e', ... };

	After I've made the code less ambiguous, the issue was no more:

$ ./cbx34kx8szoy1wgdshn99dhz4d
We're the Client; xfd = 3
We're the Server; xfd = 4
S: gnutls_handshake () => 0 (Success.) ; 2 (No such file or directory)
C: gnutls_handshake () => 0 (Success.) ; 2 (No such file or directory)
Read 4 bytes, starting with 13 37 ffffffca fffffffe
$

	(The code above uses socketpair (AF_UNIX, ...) to establish a
	connection to run GnuTLS over.)

--
FSF associate member #7257
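
Added example, not part of the original message or of GnuTLS: the greedy \x escape described above, with two unambiguous spellings of the intended bytes and a compile-time length guard for embedded key material. The byte values are a constructed sample, and decode_literal and the other function names are hypothetical helpers; the greedy literal is kept as text so the block compiles cleanly.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Intended bytes (constructed sample, not real key material). */
static const unsigned char want[] = { 0x13, '3', '7', 0xca, 'f', 'e' };

/* Escapes are converted before adjacent literals are joined, so closing
   the literal after two digits ends the \x escape there. */
static const unsigned char split[] = "\x13" "37" "\xca" "fe";

/* Compile-time guard: a swallowed digit changes the length (2, not 6). */
_Static_assert(sizeof split - 1 == sizeof want, "embedded blob length");

int split_is_correct(void)
{
    return memcmp(split, want, sizeof want) == 0;
}

/* Hypothetical helper: decode the source text of a literal the way the
   lexer does. \x takes every following hex digit; an out-of-range value
   keeps its low 8 bits (the result quoted in the message). A '"' ends
   or starts a literal; anything between two literals is skipped. */
size_t decode_literal(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    int inside = 1;                       /* s starts inside a literal */
    while (*s && n < cap) {
        if (*s == '"') { inside = !inside; s++; }
        else if (!inside) s++;            /* gap between literals */
        else if (s[0] == '\\' && s[1] == 'x') {
            unsigned v = 0;
            for (s += 2; isxdigit((unsigned char)*s); s++)
                v = v * 16 + (isdigit((unsigned char)*s)
                    ? (unsigned)(*s - '0')
                    : (unsigned)(tolower((unsigned char)*s) - 'a' + 10));
            out[n++] = (unsigned char)v;
        } else out[n++] = (unsigned char)*s++;
    }
    return n;
}

/* 1 if the literal text decodes to exactly the intended bytes. */
int decodes_to_want(const char *literal_text)
{
    unsigned char buf[16];
    size_t n = decode_literal(literal_text, buf, sizeof buf);
    return n == sizeof want && memcmp(buf, want, n) == 0;
}
```
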