+++ This bug was initially created as a clone of Bug #1369484 +++
GnuTLS (for example openconnect) can read PKCS#8 files generated by Fedora's OpenSSL 1.1.
It started at OpenSSL commit 8fc06e8860:
Specifically, changing the PRF to use SHA256. So this works:
$ apps/openssl pkcs8 -topk8 -in ~/privkey.pem -out ~/pk8-test.pem -v2 aes256 -passout pass:asdf -v2prf hmacWithSHA1
... and GnuTLS fails to parse this one:
$ apps/openssl pkcs8 -topk8 -in ~/privkey.pem -out ~/pk8-test.pem -v2 aes256 -passout pass:asdf -v2prf hmacWithSHA256
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.