GnuTLS -- certtool

Jonathan Steffan jon at fedoraunity.org
Wed Mar 26 02:30:47 UTC 2008


Jonathan Steffan wrote:
> Has certtool stopped working for anyone else?
> 
> To create a private key, run:
> $ certtool --generate-privkey --outfile key.pem

With some more looking, the only package that has been updated on all the
machines is the krb5-libs package, but I'm not sure how that is related
to gnutls.

After setting permissive, getting a generation to work and then setting
back enforcing, certtool continues to work, which I find odd.

To prevent any FS contexts from causing the issue I have changed the
command I'm using to test:

$ certtool -p

Which now on my f8 x86_64 desktop (after a setenforce 0, success and
then a reboot) actually generates a key:

[jon at damaestro ~]$ time certtool -p
Generating a private key...
Generating a 1024 bit RSA private key...
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
real    0m38.281s
user    0m0.045s
sys     0m0.003s

So, even now the original command works, generating the expected key.pem:
[jon at damaestro ~]$ time certtool --generate-privkey --outfile key.pem
Generating a private key...
Generating a 1024 bit RSA private key...
real    0m49.547s
user    0m0.069s
sys     0m0.004s
[jon at damaestro ~]$ cat key.pem
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

On f8 i386 SELinux enforcing, I've given the generation 9min15.455s to
complete, user is at 0m0.0009s and sys is at 0m0.004s and I get no key
from 'certtool -p'.

Now, after setting SELinux to permissive it still seems to fail.

An strace reveals a lot of:

select(5, [4], NULL, NULL, {3, 0})      = 0 (Timeout)

Any other tests I can run?

-- 
Jonathan Steffan
daMaestro
Fedora Unity - http://fedoraunity.org/
GPG Fingerprint: 93A2 3E2F DC26 5570 3472 5B16 AD12 6CE7 0D86 AF59



