p11-kit: invalid basic constraints certificate extension

Ludwig Nussel ludwig.nussel at suse.de
Tue Aug 27 02:07:40 PDT 2013


Hi,

p11-kit 0.19.3 chokes on a .p11-kit file generated by certdata2pem.py:

(p11-kit:5031) loader_load_file: loaded: /usr/share/pki/trust/MITM_subCA_1_issued_by_Trustwave:2.4.107.73.210.5.p11-kit
(p11-kit:5031) p11_asn1_decode: couldn't parse PKIX1.BasicConstraints: DER_ERROR:
p11-kit: invalid basic constraints certificate extension

The file has the following content:
[p11-kit-object-v1]
label: "MITM subCA 1 issued by Trustwave"
class: certificate
certificate-type: x-509
issuer: "0%81%AB1%0B0%09%06%03U%04%06%13%02US1%110%0F%06%03U%04%08%13%08Illinois1%100%0E%06%03U%04%07%13%07Chicago1%210%1F%06%03U%04%0A%13%18Trustwave%20Holdings%2C%20Inc.1301%06%03U%04%03%13%2ATrustwave%20Organization%20Issuing%20CA%2C%20Level%2021%1F0%1D%06%09%2A%86H%86%F7%0D%01%09%01%16%10ca%40trustwave.com"
serial-number: "%02%04kI%D2%05"
x-distrusted: true


Other .p11-kit files generated by certdata2pem.py work fine. Any idea
what's wrong with that one?

cu
Ludwig

-- 
  (o_   Ludwig Nussel
  //\
  V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)


More information about the p11-glue mailing list