p11-kit: invalid basic constraints certificate extension
Stef Walter
stefw at redhat.com
Thu Aug 29 04:38:01 PDT 2013
On 27.08.2013 11:07, Ludwig Nussel wrote:
> Hi,
>
> p11-kit 0.19.3 chokes on a .p11-kit file generated by certdata2pem.py:
>
> (p11-kit:5031) loader_load_file: loaded:
> /usr/share/pki/trust/MITM_subCA_1_issued_by_Trustwave:2.4.107.73.210.5.p11-kit
> (p11-kit:5031) p11_asn1_decode: couldn't parse PKIX1.BasicConstraints:
> DER_ERROR:
> p11-kit: invalid basic constraints certificate extension
>
> The file has the following content:
> [p11-kit-object-v1]
> label: "MITM subCA 1 issued by Trustwave"
> class: certificate
> certificate-type: x-509
> issuer:
> "0%81%AB1%0B0%09%06%03U%04%06%13%02US1%110%0F%06%03U%04%08%13%08Illinois1%100%0E%06%03U%04%07%13%07Chicago1%210%1F%06%03U%04%0A%13%18Trustwave%20Holdings%2C%20Inc.1301%06%03U%04%03%13%2ATrustwave%20Organization%20Issuing%20CA%2C%20Level%2021%1F0%1D%06%09%2A%86H%86%F7%0D%01%09%01%16%10ca%40trustwave.com"
>
> serial-number: "%02%04kI%D2%05"
> x-distrusted: true
>
>
> Other .p11-kit files generated by certdata2pem.py work fine. Any idea
> what's wrong with that one?
That's odd. I can't duplicate it. It doesn't seem to have
BasicConstraints information. Are you sure it's that file that it's
complaining about. Perhaps one that contains the BasicContstraints OID:
2.5.29.19
Stef
More information about the p11-glue
mailing list