Bug 664321 - GTlsCertificate should support unencrypted PKCS#8 keys
Status: RESOLVED FIXED
Product: glib
Classification: Platform
Component: network
Version: 2.30.x
Hardware: Other Linux
Importance: Normal normal
Assigned To: gtkdev
Reported: 2011-11-18 09:23 UTC by ayo
Modified: 2011-11-19 01:32 UTC

Attachments
The openssl-generated certificate and private key (10.00 KB, application/octet-stream)
2011-11-18 09:23 UTC, ayo

Description ayo 2011-11-18 09:23:07 UTC
Created attachment 201650
The openssl-generated certificate and private key

g_tls_certificate_new_from_files() returns a "No PEM-encoded private key found" error when used on certificates generated with openssl.

From what I've tested, it *can* load these certificates on Arch Linux with the packages glib-networking 2.28.7-1 and gnutls 3.0.3-1. But it gives the above error on:
- Arch Linux with glib-networking 2.30.1-1 and gnutls 3.0.7-1
- Ubuntu 11.10 with glib-networking 2.30.0-0ubuntu1 and libgnutls26 2.10.5-1ubuntu3

Attached are the certificate files on which it fails. They were created using the following command.

echo "
[ req ]
prompt = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
CN=Unknown
OU=Unknown
O=Unknown
L=Unknown
ST=Unknown
C=UN
" >tmp
openssl req -x509 -config tmp -new -newkey rsa:1024 -nodes -days 3650 -keyout key.pem -out cert.pem

Comment 1 Dan Winship 2011-11-18 14:21:58 UTC
Hm. Yes. You need to use:

  openssl rsa -in badkey.pem -out goodkey.pem

to convert it to the right format.

But we should support both formats.

(Bug 657247 is related, but that's about encrypted private keys, which are more complicated to deal with; unencrypted ones should be pretty simple.)

Comment 2 Dan Winship 2011-11-19 01:32:34 UTC
fixed in glib and glib-networking master
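
A way to tell which private-key encoding a PEM file carries before handing it to g_tls_certificate_new_from_files(), so that the unencrypted PKCS#8 case from this bug and the encrypted case from bug 657247 can be told apart from the traditional RSA format that comment 1 converts to. This is an added example, not code from glib or glib-networking and not written by anyone in this thread; the function, enum and sample names are hypothetical, the BEGIN/END labels are the standard ones from RFC 7468, and the sample buffer is constructed with dummy bodies rather than real key material.

```c
#include <stdio.h>
#include <string.h>

/* PEM private-key encodings relevant to this bug (labels per RFC 7468). */
typedef enum {
    KEY_NONE,            /* no complete private-key block found */
    KEY_PKCS1_RSA,       /* BEGIN RSA PRIVATE KEY: traditional RSA format */
    KEY_PKCS8_PLAIN,     /* BEGIN PRIVATE KEY: unencrypted PKCS#8 */
    KEY_PKCS8_ENCRYPTED  /* BEGIN ENCRYPTED PRIVATE KEY: passphrase needed */
} key_format;

/* Return the format of the earliest complete private-key block in `pem`.
 * A block counts only if its END line follows its BEGIN line. */
key_format classify_pem_key(const char *pem)
{
    static const struct { const char *label; key_format fmt; } known[] = {
        { "RSA PRIVATE KEY",       KEY_PKCS1_RSA },
        { "PRIVATE KEY",           KEY_PKCS8_PLAIN },
        { "ENCRYPTED PRIVATE KEY", KEY_PKCS8_ENCRYPTED },
    };
    const char *first = NULL;
    key_format found = KEY_NONE;
    char begin[48], end[48];

    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++) {
        snprintf(begin, sizeof begin, "-----BEGIN %s-----", known[i].label);
        snprintf(end, sizeof end, "-----END %s-----", known[i].label);
        const char *b = strstr(pem, begin);
        if (b && strstr(b, end) && (!first || b < first)) {
            first = b;
            found = known[i].fmt;
        }
    }
    return found;
}

/* Constructed sample: certificate plus unencrypted PKCS#8 key, dummy bodies. */
static const char sample_openssl_req[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n";

int main(void)
{
    static const char *const names[] = {
        "none", "PKCS#1 RSA", "unencrypted PKCS#8", "encrypted PKCS#8" };
    printf("key format: %s\n", names[classify_pem_key(sample_openssl_req)]);
    return 0;
}
```

A result of KEY_PKCS8_PLAIN on an affected glib-networking version is the case where the `openssl rsa -in badkey.pem -out goodkey.pem` conversion from comment 1 applies.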