[Pkg-erlang-devel] Bug#933040: ejabberd: certificates created with GnuTLS no longer compatible with ejabberd
Philipp Huebner
debalance at debian.org
Fri Jul 26 09:38:14 BST 2019
Hi,
thank you very much for this detailed bugreport!
I have contacted upstream, and they requested sample certificates (PEMs)
for ejabberd (cert+key) and CA (without key).
I tried running your script on Buster, but it fails:
$ ./gen
Password: test
Generating private-int-key.pem...
Assuming PKCS #8 format...
** Note: You may use '--sec-param High' instead of '--bits 4096'
Generating a 4096 bit RSA private key...
Generating private-int-req.pem...
Generating a PKCS #10 certificate request...
Generating private-int-cert.pem
Generating a signed certificate...
error importing CA certificate: public/private-ca-cert.pem: Base64
unexpected header error.
With sample PEMs I'll forward this to an issue at
https://github.com/processone/pkix, you're welcome to do it yourself if
you like.
FWIW, upstream also suspects this to be a bug in Erlang itself rather
than ejabberd, hence I'm CCing the Erlang maintainer(s).
Best wishes
--
.''`. Philipp Huebner <debalance at debian.org>
: :' : pgp fp: 6719 25C5 B8CD E74A 5225 3DF9 E5CA 8C49 25E4 205F
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-erlang-devel/attachments/20190726/03e03498/attachment.sig>
More information about the Pkg-erlang-devel
mailing list