Bug#638586: libgnutls26: fails to find second dns entry of a certificate
Sebastian Reichel
sre at debian.org
Sat Aug 20 00:17:10 UTC 2011
Package: libgnutls26
Version: 2.12.7-6
Severity: normal
Hi,
Since updating libgnutls26 the second DNS entry for one of my certs
is no longer found by libgnutls26. The old version (2.10.5-3) worked
as expected.
I attached the certificate with the problem. openssl correctly finds:
X509v3 Subject Alternative Name:
DNS:ring0.de, othername:<unsupported>,
DNS:*.ring0.de, othername:<unsupported>
gnutls's certtool prints this:
Subject Alternative Name (not critical):
DNSname: ring0.de
error: get_subject/issuer_alt_name2: ASN1 parser: Element was not found.
-- Sebastian
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing'), (100, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libgnutls26 depends on:
ii libc6 2.13-10 Embedded GNU C Library: Shared lib
ii libgcrypt11 1.4.6-9 LGPL Crypto library - runtime libr
ii libtasn1-3 2.9-4 Manage ASN.1 structures (runtime)
ii multiarch-support 2.13-10 Transitional package to ensure mul
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
libgnutls26 recommends no packages.
Versions of packages libgnutls26 suggests:
ii gnutls-bin 2.12.7-6 GNU TLS library - commandline util
-- no debconf information
-------------- next part --------------
-----BEGIN CERTIFICATE-----
MIIEwTCCAqmgAwIBAgIDAMOEMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB
Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTEwMTIxMjE1NzExWhcNMTMwMTIw
MjE1NzExWjATMREwDwYDVQQDEwhyaW5nMC5kZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALltWqlDfD3nY3D/Q0Tj8BfvbtPna7xLddVEvcNmAdR1CZYU
5wte6TEZs64qnuhmlA/XT6bBSW2A+jNKCzgLU9gF7q5wQIDgq3Bp5HsZ4HKlAMiS
orVyzJu6kDg6A1MC66k/oHsEHojizWpIaj3q5/+//onBIW3s8IfmFZXMkBen/clU
3CHGXhnABHOg2FRZe8pOZJBmhgGJ6EAnJKb5sy4frc7UPxEml7WFjitRRK74mWM6
LNqboYEWLo5ekdsnRRBQiw/zNNV06NA0wpEdRr9uSBvKHhteIHsaclahN3Nhe4Ox
ZtobI6I6gx1WYxbHO/7ciaFPU3zNH0LQZX8B0FECAwEAAaOB3DCB2TAMBgNVHRMB
Af8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEFBQcDAQYJYIZIAYb4QgQB
BgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEFBQcBAQQnMCUwIwYIKwYB
BQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMFEGA1UdEQRKMEiCCHJpbmcw
LmRloBYGCCsGAQUFBwgFoAoMCHJpbmcwLmRlggoqLnJpbmcwLmRloBgGCCsGAQUF
BwgFoAwMCioucmluZzAuZGUwDQYJKoZIhvcNAQEFBQADggIBAGaX7bEPtV1KzgJc
30Y/WyYV1sRpbBjsBerK0H9usAYN2Wm5KVkdHAQDQyR/2MSsowsx3N5COx1hNY9E
FI55YQYlu2ZBXk2tSFqdorHih3Qf8u1o5KQ23iFw2Ir87Y7bTzkzXsq8ehu7sYyh
+s4tSuMktxpe842V7v4cM0ZTZ6aoa3YK4Xow+KTJN0tBIkHOfNzgwmLEzKwpeHk9
ibKYVx8md8bj2Q7JFgB+zRW967fIN3Hgbky+3fBNgVtSq29i4SSZL0O/DWqg704M
xPG4ika/sdUFZwWCXRYLkfST77GpWjfBgMjyS+DNqI4yBgqPwRmj0GG0sxBBKDt5
dRUSaLxZ1U391qwKvOMu8awxS8eeYYMgNwjLFP1t8e/Poe4XQZrUgulVRrvPCWzX
XaG7/rRvkYQrqIHs0XbE9xDo2ljZtuZ0rjRO0Nah7VY0RkZC5sFpqxdCotYUqxMi
6wThha+EN3NwWlX9PcWONoRMZCjLLPvkB0wwPauLyRpIsq6N803Hw0i7O+45URuy
jtO8TpHDhwLk+GRP0GrD/U+ifSxZ8mE5GXSGkN1Z3smBIabO8X94e9oYYA2TOD1O
mgMC+uNJ45IeBoz6nFu9ibf+3kK7opE/Y3IL8ViPoiayBGeMAaHoOIOfUMeXGvBA
09GduyL69p8KhUpJvFn8FGwiH32U
-----END CERTIFICATE-----
More information about the Pkg-gnutls-maint
mailing list