Package: gnutls-bin Version: 2.8.6-1+squeeze2 The certtool in squeeze, when given the template
--8<-- snip --8<-- cn = Test Squeeze Certificate Authority ca cert_signing_key expiration_days = 3653 --8<-- snip --8<-- and told to generate a self-signed cert, produces the attached file "squeeze.pem". According to RFC 2459, the TBSCertificate signature and the SubjectPublicKeyInfo elements should be identical AlgorithmIdentifiers, which should be SEQUENCE { algOID, params }. Section 7.2.1 states that for RSA signature algorithms, params should be the ASN.1 type NULL. This is not the case in squeeze.pem, though it is in wheezy.pem, which has been generated by the certtool in gnutls-bin 3.0.20-3.
-----BEGIN CERTIFICATE----- MIIDFTCCAf+gAwIBAgIEUEZOdzALBgkqhkiG9w0BAQUwLTErMCkGA1UEAxMiVGVz dCBTcXVlZXplIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xMjA5MDQxODU0NDda Fw0yMjA5MDUxODU0NDdaMC0xKzApBgNVBAMTIlRlc3QgU3F1ZWV6ZSBDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkwggEgMAsGCSqGSIb3DQEBAQOCAQ8AMIIBCgKCAQEA5oFa zy9e7AME4pYwCtQr3ALAHlj0dnQIVZ37Mf/nTxiN9KSXVHngPdZYOLu7IcQl/Y9U l6DUl2zo/iXODMD3cts3hUSx4kFEJ+7n2GBlz4fEPlkz+NYRRgy3JpDBzGwTO8vG gwyzCYD+cTT5z2V6Uno+ion+afDefAmaQiJW0ONL6UnvsP+oQ9KM6wZ1cQ5HmM6a jC1UVeO33WYAsYSUUSEA4zHSpMiFfrcQLg4TLuT4zqGm6m11047X7405NnbDV8Zd WEMUb19k4YZKnCaVuKMpV4dkNNW3HMAQVfvg6xUg9n/yWVcVKfjM5ceRaEnHnUAF /PwGzOb6Hsjnst1nEQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB /wQFAwMHBAAwHQYDVR0OBBYEFO/aVkH+KRrO32O5VqArxzg6b2Y7MAsGCSqGSIb3 DQEBBQOCAQEAUiUNld0yO9NPPJ2m4oieut+nJh/OM2X6vaKMe0Q+xxzzGPgrw7tJ 47PZA/PwwXLSnkCdSyZuM71EuPoInZarAiPiedGQefqbmaLMIdiOgyhYxctC8Ep1 wrwA8db8/jyyjjTb5PJy0xuOldV8zTjpNofXMe7Pld0DtnhPWaUkSlSoJ2rK7/Hq tA3dvGApyBP5r7r4fi+fvtknE4F/NeowqEcEMmP/iyLh9RGr5jn3PpuEoNx2rEzx qGL5nyKQPr/E7dghzgQQ8D5O3ZdJ8WSL8VGi4FMqckLPBPjdy2j1tj2+QDD2u4G3 5V9pQsH/x54hH5DDplnfyjUiekTFEvYI3g== -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- MIIDHzCCAgegAwIBAgIEUEZOrzANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJU ZXN0IFNxdWVlemUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCIYDzIwMTIwOTA0MTg1 NTQzWhgPMjAyMjA5MDUxODU1NDNaMC0xKzApBgNVBAMTIlRlc3QgU3F1ZWV6ZSBD ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDmgVrPL17sAwTiljAK1CvcAsAeWPR2dAhVnfsx/+dPGI30pJdUeeA91lg4 u7shxCX9j1SXoNSXbOj+Jc4MwPdy2zeFRLHiQUQn7ufYYGXPh8Q+WTP41hFGDLcm kMHMbBM7y8aDDLMJgP5xNPnPZXpSej6Kif5p8N58CZpCIlbQ40vpSe+w/6hD0ozr BnVxDkeYzpqMLVRV47fdZgCxhJRRIQDjMdKkyIV+txAuDhMu5PjOoabqbXXTjtfv jTk2dsNXxl1YQxRvX2ThhkqcJpW4oylXh2Q01bccwBBV++DrFSD2f/JZVxUp+Mzl x5FoScedQAX8/AbM5voeyOey3WcRAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8w DwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU3knPaK8svzV6fUfgzOt7mzo5ejcw DQYJKoZIhvcNAQELBQADggEBADCnOUvoNGpF6+CBeCLkpZNQmWZOimglTo6UHQr8 sSEba7BcukJlDq0f0fWssZHkYy5CFjo2Z0wVLMTvCF1EEI3xY9kXZW/Z/Kww/2Zx INzBGH+X9afFgF69r51Zh3NqiJuRyNzqNqSZjYP3DwNNvJHokqAvOo94osrWW4CG iFpOue386OYIZjDQTBlFpqlDNbgNE14daOqJDzLz3I4hKZfCSS9S1A1/kwkxqxlr XU1nXCAOrUZku4rgCd0wvJuNNIlu9/u3Fd5tWwHKlhaqA102YHTR1wNeBJwnOIs0 sFVk0NF98uUMHm1LfDg+o0FgG4y3sVMPGFhEzUeGLV/vx3Q= -----END CERTIFICATE-----