Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 943493 Details for
Bug 1148895
RFE: Use same CKA_ID for certificates with same subject key identifier
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
debug output not working with all certs installed
gnutls-cli-debug-notworking.txt (text/plain), 12.28 KB, created by
David Woodhouse
on 2014-10-02 17:12:56 UTC
(
hide
)
Description:
debug output not working with all certs installed
Filename:
MIME Type:
Creator:
David Woodhouse
Created:
2014-10-02 17:12:56 UTC
Size:
12.28 KB
patch
obsolete
>Script started on Thu 02 Oct 2014 18:11:05 BST >]0;dwoodhou@dwoodhou-mobl5:/etc/pki/ca-trust/source/anchors[root@dwoodhou-mobl5 anchors]# md5sum * >7a7cbfa0dbc9075cc26b2d51fb272eac intel-internal.crt >0a713c69d8aaffaae9e9455a8949b45f scsir-certchain.crt >]0;dwoodhou@dwoodhou-mobl5:/etc/pki/ca-trust/source/anchors[root@dwoodhou-mobl5 anchors]# md5sum *gnutls-cli -d 99 scsir.intel.com >|<2>| Initializing PKCS #11 modules >|<2>| p11: Initializing module: p11-kit-trust >|<2>| p11: Initializing module: gnome-keyring >|<3>| ASSERT: pkcs11.c:503 >|<3>| ASSERT: pkcs11.c:2401 >|<3>| ASSERT: pkcs11.c:2735 >Processed 198 CA certificate(s). >Resolving 'scsir.intel.com'... >Connecting to '213.190.153.55:443'... >|<5>| REC[0x26501e0]: Allocating epoch #0 >|<2>| selected priority string: NONE:+VERS-TLS-ALL:+SHA1:+SHA256:+SHA384:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+AES-128-GCM:+AES-128-CBC:+CAMELLIA-128-GCM:+CAMELLIA-128-CBC:+AES-256-GCM:+AES-256-CBC:+CAMELLIA-256-GCM:+CAMELLIA-256-CBC:+3DES-CBC:+ARCFOUR-128:+SIGN-ALL:-SIGN-RSA-MD5:+CURVE-ALL:+COMP-NULL:%PROFILE_LOW >|<3>| ASSERT: gnutls_constate.c:586 >|<5>| REC[0x26501e0]: Allocating epoch #1 >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_RSA_ARCFOUR_128_SHA1 (C0.11) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: ECDHE_ECDSA_ARCFOUR_128_SHA1 (C0.07) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: RSA_ARCFOUR_128_SHA1 (00.05) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 (00.BD) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 (00.C3) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13) >|<4>| HSK[0x26501e0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_128_SHA1 (00.66) >|<4>| EXT[0x26501e0]: Sending extension STATUS REQUEST (5 bytes) >|<4>| EXT[0x26501e0]: Sending extension SERVER NAME (20 bytes) >|<4>| EXT[0x26501e0]: Sending extension SAFE RENEGOTIATION (1 bytes) >|<4>| EXT[0x26501e0]: Sending extension SESSION TICKET (0 bytes) >|<4>| EXT[0x26501e0]: Sending extension SUPPORTED ECC (8 bytes) >|<4>| EXT[0x26501e0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes) >|<4>| EXT[0x26501e0]: sent signature algo (4.1) RSA-SHA256 >|<4>| EXT[0x26501e0]: sent signature algo (4.2) DSA-SHA256 >|<4>| EXT[0x26501e0]: sent signature algo (4.3) ECDSA-SHA256 >|<4>| EXT[0x26501e0]: sent signature algo (5.1) RSA-SHA384 >|<4>| EXT[0x26501e0]: sent signature algo (5.3) ECDSA-SHA384 >|<4>| EXT[0x26501e0]: sent signature algo (6.1) RSA-SHA512 >|<4>| EXT[0x26501e0]: sent signature algo (6.3) ECDSA-SHA512 >|<4>| EXT[0x26501e0]: sent signature algo (3.1) RSA-SHA224 >|<4>| EXT[0x26501e0]: sent signature algo (3.2) DSA-SHA224 >|<4>| EXT[0x26501e0]: sent signature algo (3.3) ECDSA-SHA224 >|<4>| EXT[0x26501e0]: sent signature algo (2.1) RSA-SHA1 >|<4>| EXT[0x26501e0]: sent signature algo (2.2) DSA-SHA1 >|<4>| EXT[0x26501e0]: sent signature algo (2.3) ECDSA-SHA1 >|<4>| EXT[0x26501e0]: Sending extension SIGNATURE ALGORITHMS (28 bytes) >|<4>| HSK[0x26501e0]: CLIENT HELLO was queued [227 bytes] >|<11>| HWRITE: enqueued [CLIENT HELLO] 227. Total 227 bytes. >|<11>| HWRITE FLUSH: 227 bytes in buffer. >|<5>| REC[0x26501e0]: Preparing Packet Handshake(22) with length: 227 and min pad: 0 >|<9>| ENC[0x26501e0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 >|<11>| WRITE: enqueued 232 bytes for 0x5. Total 232 bytes. >|<5>| REC[0x26501e0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 232 >|<11>| HWRITE: wrote 1 bytes, 0 bytes left. >|<11>| WRITE FLUSH: 232 bytes in buffer. >|<11>| WRITE: wrote 232 bytes, 0 bytes left. >|<3>| ASSERT: gnutls_buffers.c:1104 >|<10>| READ: Got 5 bytes from 0x5 >|<10>| READ: read 5 bytes from 0x5 >|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes. >|<10>| RB: Requested 5 bytes >|<5>| REC[0x26501e0]: SSL 3.1 Handshake packet received. Epoch 0, length: 74 >|<5>| REC[0x26501e0]: Expected Packet Handshake(22) >|<5>| REC[0x26501e0]: Received Packet Handshake(22) with length: 74 >|<10>| READ: Got 74 bytes from 0x5 >|<10>| READ: read 74 bytes from 0x5 >|<10>| RB: Have 5 bytes into buffer. Adding 74 bytes. >|<10>| RB: Requested 79 bytes >|<5>| REC[0x26501e0]: Decrypted Packet[0] Handshake(22) with length: 74 >|<13>| BUF[REC]: Inserted 74 bytes of Data(22) >|<4>| HSK[0x26501e0]: SERVER HELLO (2) was received. Length 70[70], frag offset 0, frag length: 70, sequence: 0 >|<4>| HSK[0x26501e0]: Server's version: 3.1 >|<4>| HSK[0x26501e0]: SessionID length: 32 >|<4>| HSK[0x26501e0]: SessionID: 3d193865628d00ca9907cca2f2ee96ba42c2757e274492901ffd80382a73caf6 >|<4>| HSK[0x26501e0]: Selected cipher suite: RSA_AES_128_CBC_SHA1 >|<4>| HSK[0x26501e0]: Selected compression method: NULL (0) >|<3>| ASSERT: gnutls_extensions.c:163 >|<4>| HSK[0x26501e0]: Allowing unsafe initial negotiation >|<3>| ASSERT: gnutls_buffers.c:1104 >|<10>| READ: Got 5 bytes from 0x5 >|<10>| READ: read 5 bytes from 0x5 >|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes. >|<10>| RB: Requested 5 bytes >|<5>| REC[0x26501e0]: SSL 3.1 Handshake packet received. Epoch 0, length: 6723 >|<5>| REC[0x26501e0]: Expected Packet Handshake(22) >|<5>| REC[0x26501e0]: Received Packet Handshake(22) with length: 6723 >|<10>| READ: Got 6723 bytes from 0x5 >|<10>| READ: read 6723 bytes from 0x5 >|<10>| RB: Have 5 bytes into buffer. Adding 6723 bytes. >|<10>| RB: Requested 6728 bytes >|<5>| REC[0x26501e0]: Decrypted Packet[1] Handshake(22) with length: 6723 >|<13>| BUF[REC]: Inserted 6723 bytes of Data(22) >|<4>| HSK[0x26501e0]: CERTIFICATE (11) was received. Length 6719[6719], frag offset 0, frag length: 6719, sequence: 0 >- Certificate type: X.509 >- Got a certificate list of 4 certificates. >- Certificate[0] info: >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: extensions.c:65 > - subject `C=IE,L=IR,O=Intel Corporation,OU=IT,CN=vpn.intel.com,CN=scsir.intel.com', issuer `C=US,O=Intel Corporation,CN=Intel Intranet Basic Issuing CA 2B', RSA key 2048 bits, signed using RSA-SHA1, activated `2014-01-08 17:41:39 UTC', expires `2017-01-07 17:41:39 UTC', SHA-1 fingerprint `06c1264afaa4f533aa301a66b5aa88a30d05cabb' > Public Key ID: > 57475570da32886e648e1ba53ad7a28234619a20 > Public key's random art: > +--[ RSA 2048]----+ > | oo=| > | . o + | > | = o = .| > |E o O . . o | > |o+ . S = | > |o o . * | > | . o o + . | > | . . + . | > | .. | > +-----------------+ > >- Certificate[1] info: >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: extensions.c:65 > - subject `C=US,O=Intel Corporation,CN=Intel Intranet Basic Issuing CA 2B', issuer `C=US,O=Intel Corporation,CN=Intel Intranet Basic Policy CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-05-15 18:42:45 UTC', expires `2015-05-15 18:52:45 UTC', SHA-1 fingerprint `ca87c9864ec7a2d8c11c19fb9be33b2225f6110d' >- Certificate[2] info: >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: extensions.c:65 > - subject `C=US,O=Intel Corporation,CN=Intel Intranet Basic Policy CA', issuer `C=US,O=Intel Corporation,CN=Intel Root CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2006-05-24 19:49:39 UTC', expires `2018-05-24 19:59:39 UTC', SHA-1 fingerprint `34b856639cd094e3b6701b6e78b96e04a29ea89f' >- Certificate[3] info: >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: dn.c:245 >|<3>| ASSERT: extensions.c:65 > - subject `C=US,O=Intel Corporation,CN=Intel Root CA', issuer `C=US,O=Intel Corporation,CN=Intel Root CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2005-05-18 21:24:24 UTC', expires `2025-05-18 21:24:24 UTC', SHA-1 fingerprint `76f80159162c1ad5aaf043213a03dc463a4e4b26' >|<3>| ASSERT: status_request.c:382 >|<3>| ASSERT: common.c:1041 >|<3>| ASSERT: dn.c:986 >|<3>| ASSERT: dn.c:986 >|<3>| ASSERT: common.c:1041 >|<3>| ASSERT: dn.c:986 >|<3>| ASSERT: common.c:1041 >|<3>| ASSERT: dn.c:986 >|<3>| ASSERT: dn.c:986 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3124 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3124 >|<3>| ASSERT: pkcs11.c:3515 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3124 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3309 >|<3>| ASSERT: pkcs11.c:3124 >|<3>| ASSERT: pkcs11.c:3515 >|<3>| ASSERT: common.c:1041 >|<3>| ASSERT: extensions.c:65 >|<3>| ASSERT: dn.c:986 >|<3>| ASSERT: common.c:1041 >|<3>| ASSERT: verify.c:605 >|<3>| ASSERT: verify.c:953 >|<3>| ASSERT: common.c:1041 >|<3>| ASSERT: common.c:1041 >- Status: The certificate is NOT trusted. The certificate issuer is unknown. >*** PKI verification of server certificate failed... >|<3>| ASSERT: gnutls_handshake.c:2734 >*** Fatal error: Error in the certificate. >|<5>| REC: Sending Alert[2|42] - Certificate is bad >|<5>| REC[0x26501e0]: Preparing Packet Alert(21) with length: 2 and min pad: 0 >|<9>| ENC[0x26501e0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 >|<11>| WRITE: enqueued 7 bytes for 0x5. Total 7 bytes. >|<11>| WRITE FLUSH: 7 bytes in buffer. >|<11>| WRITE: wrote 7 bytes, 0 bytes left. >|<5>| REC[0x26501e0]: Sent Packet[2] Alert(21) in epoch 0 and length: 7 >*** Handshake has failed >GnuTLS error: Error in the certificate. >|<5>| REC[0x26501e0]: Start of epoch cleanup >|<5>| REC[0x26501e0]: End of epoch cleanup >|<5>| REC[0x26501e0]: Epoch #0 freed >|<5>| REC[0x26501e0]: Epoch #1 freed >]0;dwoodhou@dwoodhou-mobl5:/etc/pki/ca-trust/source/anchors[root@dwoodhou-mobl5 anchors]# exit > >Script done on Thu 02 Oct 2014 18:11:14 BST
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=943493">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1148895
:
943419
|
943420
| 943493 |
943494
|
944600
|
944645