Red Hat Bugzilla – Bug 446392
SSL error: Key usage violation
Last modified: 2008-05-15 03:28:32 EDT
Description of problem: Doing 'svn update' to SSL-enabled http server with
selfsigned certificate generate error message: SSL error: Key usage violation in
certificate has been detected.
Version-Release number of selected component (if applicable):
svn co https://svn.eionet.europa.eu/repositories/Zope/trunk/Localizer
It is a public SVN repository
Steps to Reproduce:
1. svn co https://svn.eionet.europa.eu/repositories/Zope/trunk/Localizer
svn: PROPFIND request failed on '/repositories/Zope/trunk/Localizer'
svn: PROPFIND of '/repositories/Zope/trunk/Localizer': SSL negotiation failed:
SSL error: Key usage violation in certificate has been detected.
Localizer product checked out
The certificate for svn.eionet.europa.eu has the X509v3 Key Usage set to: Key
Encipherment, which is normal for SSL servers.
The svn.eionet.europa.eu has been in use for years, about two years with the
current certificate, and no such issue has arisen before.
In case you need to take a look. The certificate is signed with this CA:
Thanks for the report. I'm about to go on holiday so won't be able to look at
this immediately, but it is probably a GnuTLS bug so I've forwarded it upstream.
The server should not offer the DHE_RSA method with such certificate. So
definitely a problem on the server.
Yes, adding "digital signature" as key usage fixed the problem