Am 27.01.21 um 19:17 schrieb Daniel P. Berrangé:
On Wed, Jan 27, 2021 at 06:05:08PM +0100, Stefan Weil wrote:
Am 27.01.21 um 17:53 schrieb Daniel P. Berrangé:
In $QEMU.git/crypto/init.c can you uncomment the "#define DEBUG_GNUTLS"
line and then re-build and re-run the test case.
There's a bunch of debug logs in code paths from gnutls_x509_crt_privkey_sign
that might give us useful info.
Regards,
Daniel
% LANG=C.UTF-8 tests/test-crypto-tlscredsx509
# random seed: R02S9b95072a368ad370cdd4c780b8074596
3: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
3: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
2: signing structure using RSA-SHA256
3: ASSERT: common.c[_gnutls_x509_der_encode]:855
3: ASSERT: sign.c[_gnutls_x509_pkix_sign]:174
3: ASSERT: x509_write.c[gnutls_x509_crt_privkey_sign]:1834
3: ASSERT: x509_write.c[gnutls_x509_crt_sign2]:1152
Bail out! FATAL-CRITICAL: Failed to sign certificate ASN1 parser: Value is
not valid.
So it shows its failing inside a asn1_der_coding call, but I can't see
why it would fail, especially if the same test suite passes fine on
macOS x86_64 hosts.
It returns ASN1_MEM_ERROR, so the input vector is too small.
Stefan
