ASN1 parser: Error in TAG

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
rayvd
504 Command not implemented
Posts: 11
Joined: 2008-07-29 20:13
First name: Ray
Last name: Van Dolson

ASN1 parser: Error in TAG

#1 Post by rayvd » 2009-12-17 00:25

I'm getting the following error from GnuTLS when attempting to connect via Explicit TLS (AUTH TLS):

Code: Select all

GnuTLS error -73: ASN1 parser: Error in TAG.
I get this error from lftp as well, so it's either an issue with GnuTLS or the certificate in use on this site. The site also supports Implicit TLS via port 990, and, oddly enough the cert there gives no problems at all. Since I don't know anything about how this server is configured, I don't really want to draw a conclusion from that...

The site in question is ftp.pp.xw.gm.com. I can retrieve the certificate from the implicit site with openssl s_client, but don't know how to dump the certificate for explicit FTP sites easily. Perhaps one of the developers here could attempt an anonymous connection and dissect the certificate a bit more.

I'll also go ping the GnuTLS folks and see if I can figure out how to extract a copy of the certificate easily when AUTH TLS negotiation is performed.

(FWIW, Filezilla 3.3.0.1 tested with no firewalling in place)

rayvd
504 Command not implemented
Posts: 11
Joined: 2008-07-29 20:13
First name: Ray
Last name: Van Dolson

Re: ASN1 parser: Error in TAG

#2 Post by rayvd » 2009-12-17 00:29

Actually, the following may have done the trick:

Code: Select all

$ openssl s_client -connect ftp.pp.xw.gm.com:21 -starttls ftp
CONNECTED(00000003)
32061:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:
32061:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:828:
32061:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=value, Type=X509_EXTENSION
32061:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
32061:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:578:Field=extensions, Type=X509_CINF
32061:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509
32061:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:972:
Now to dig into this a little bit...

User avatar
botg
Site Admin
Posts: 35509
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: ASN1 parser: Error in TAG

#3 Post by botg » 2009-12-17 20:15

Clearly an invalid certificate. Please contact the server administrator so that he can install a proper certificate.

Post Reply