GnuTLS -- certtool
Jonathan Steffan
jon at fedoraunity.org
Wed Mar 26 02:30:47 UTC 2008
Jonathan Steffan wrote:
> Has certtool stopped working for anyone else?
>
> To create a private key, run:
> $ certtool --generate-privkey --outfile key.pem
With some more looking the only package that has been updated on all the
machines is the krb5-libs package, but I'm not sure how that is related
to gnutls.
After setting permissive, getting a generation to work and then setting
back enforcing, certtool continues to work. Which I find odd.
To prevent any FS contexts from causing the issue I have changed the
command I'm using to test:
$ certtool -p
Which now on my f8 x86_64 desktop (after a setenforce 0, success and
then a reboot) actually generates a key:
[jon at damaestro ~]$ time certtool -p
Generating a private key...
Generating a 1024 bit RSA private key...
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
real 0m38.281s
user 0m0.045s
sys 0m0.003s
So, even now the original command works, generating the expected key.pem:
[jon at damaestro ~]$ time certtool --generate-privkey --outfile key.pem
Generating a private key...
Generating a 1024 bit RSA private key...
real 0m49.547s
user 0m0.069s
sys 0m0.004s
[jon at damaestro ~]$ cat key.pem
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
On f8 i386 SELinux enforcing, I've given the generation 9min15.455s to
complete, user is at 0m0.0009s and sys is at 0m0.004s and I get no key
from 'certtool -p'.
Now, after setting SELinux to permissive it still seems to fail.
An strace reveals a lot of:
select(5, [4], NULL, NULL, {3, 0}) = 0 (Timeout)
Any other tests I can run?
--
Jonathan Steffan
daMaestro
Fedora Unity - http://fedoraunity.org/
GPG Fingerprint: 93A2 3E2F DC26 5570 3472 5B16 AD12 6CE7 0D86 AF59