[Pkg-erlang-devel] Bug#933040: ejabberd: certificates created with GnuTLS no longer compatible with ejabberd

Philipp Huebner debalance at debian.org
Fri Jul 26 09:38:14 BST 2019


Thank you very much for this detailed bug report!

I have contacted upstream, and they requested sample certificates (PEMs)
for ejabberd (cert+key) and CA (without key).

I tried running your script on Buster, but it fails:
$ ./gen
Password: test
Generating private-int-key.pem...
Assuming PKCS #8 format...
** Note: You may use '--sec-param High' instead of '--bits 4096'
Generating a 4096 bit RSA private key...
Generating private-int-req.pem...
Generating a PKCS #10 certificate request...
Generating private-int-cert.pem
Generating a signed certificate...
error importing CA certificate: public/private-ca-cert.pem: Base64
unexpected header error.

With sample PEMs I'll forward this to an issue at
https://github.com/processone/pkix; you're welcome to do it yourself if
you like.

FWIW, upstream also suspects this to be a bug in Erlang itself rather
than ejabberd, hence I'm CCing the Erlang maintainer(s).

Best wishes
 .''`.   Philipp Huebner <debalance at debian.org>
: :'  :  pgp fp: 6719 25C5 B8CD E74A 5225  3DF9 E5CA 8C49 25E4 205F
`. `'`
