On (14/12/06 17:42), Marc Haber wrote: > On Thu, Dec 14, 2006 at 05:22:33PM +0100, Felix Palmen wrote: > > * Marc Haber <[EMAIL PROTECTED]> [20061214 16:45]: > > > Ok. Can you please install gnutls-bin and try starting gnutls-serv > > > with the appropriate --x509keyfile and --x509certfile options. If that > > > gives the same error message, we have a gnutls-issue and this bug > > > needs to be reassigned appropriately. > > > > You're right: > > > > --- > > photon:/etc/exim4# gnutls-serv --x509keyfile exim.key --x509certfile > > exim.crt > > Error reading 'exim.crt' or 'exim.key' > > Error: Base64 decoding error. > > --- > > photon:/etc/exim4# openssl s_server -key exim.key -cert exim.crt > > Using default temp DH parameters > > Using default temp ECDH parameters > > ACCEPT > > ---
Hi, Thanks for the report. As you can imagine it is not easy for me to debug this problem without more information than that from GnuTLS about what is wrong. As you cannot provide the key, and working under the assumption that there will be know help from the hosting company, there are a couple of things we can try. For a start I don't know how to create a Base64 encoded key, do you? Could you first have a look at the key/cert files and see if they look like normal base64 (I'm not sure whether the encoding to base64 is the last layer or somewhere underneath). If they look like they are can you try and decode them from base64. A failure might just mean that even though it looks like base64 it isn't, but it might indicate a certificate problem. Assuming that that tells us nothing could I provide you with an instrumented GnuTLS library that will reveal the real problem? Looking at the code there are many points that will throw this error, so first it would be good to know which one it is tripping up on. Then it would be good to know what the actual problem is it is having with the files, which might point to where the bug lies. If I were going to provide this would you be happy to compile this for yourself or would you like packages? The testing can be done on your etch system if you like. As for fixing this for etch I doubt whether that will happen I am afraid. We are in the freeze now, and though we could perhaps get an exception if we can provide a targeted fix there's no guarantee we would even have found the bug by the time the release comes. Thanks, James -- James Westby -- GPG Key ID: B577FE13 -- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
