Bug#579631: gnutls-bin: gnutls fails to base64 decode cert if header has additional space at EOL

Philipp Kolmann philipp at kolmann.at
Thu Apr 29 10:23:27 UTC 2010

Package: gnutls-bin
Version: 2.8.6-1
Severity: normal
Tags: lenny sid


I got a new cert for my servers and updated also the certs for exim for TLS.
With dovecot and Apache I never had any issues but exim failed to start tls:

2010-04-29 09:43:26 TLS error on connection from xxx.tuwien.ac.at (XXXX)
 [128.130.xx.xx] (cert/key setup: cert=/etc/exim4/exim.crt key=/etc/exim4/exim.k
 ey): Base64 decoding error.

in the end I found out, that the header of the cert has an additional space
after the -----BEGIN CERTIFICATE----- and before the newline.

gnutls fail then to decode the cert. openssl has no issues with the additinal
blank. Would it be possible to ignore this whitespace in gnutls as well?

Philipp Kolmann

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnutls-bin depends on:
ii  libc6                   2.10.2-6         Embedded GNU C Library: Shared lib
ii  libgcrypt11             1.4.5-2          LGPL Crypto library - runtime libr
ii  libgnutls26             2.8.6-1          the GNU TLS library - runtime libr
ii  libreadline6            6.1-2            GNU readline and history libraries
ii  libtasn1-3              2.5-1            Manage ASN.1 structures (runtime)
ii  zlib1g                  1: compression library - runtime

gnutls-bin recommends no packages.

gnutls-bin suggests no packages.

-- no debconf information

More information about the Pkg-gnutls-maint mailing list