Page 1 of 1

ASN1 parser: Error in TAG

Posted: 2009-12-17 00:25
by rayvd
I'm getting the following error from GnuTLS when attempting to connect via Explicit TLS (AUTH TLS):

Code: Select all

GnuTLS error -73: ASN1 parser: Error in TAG.
I get this error from lftp as well, so it's either an issue with GnuTLS or the certificate in use on this site. The site also supports Implicit TLS via port 990, and, oddly enough the cert there gives no problems at all. Since I don't know anything about how this server is configured, I don't really want to draw a conclusion from that...

The site in question is I can retrieve the certificate from the implicit site with openssl s_client, but don't know how to dump the certificate for explicit FTP sites easily. Perhaps one of the developers here could attempt an anonymous connection and dissect the certificate a bit more.

I'll also go ping the GnuTLS folks and see if I can figure out how to extract a copy of the certificate easily when AUTH TLS negotiation is performed.

(FWIW, Filezilla tested with no firewalling in place)

Re: ASN1 parser: Error in TAG

Posted: 2009-12-17 00:29
by rayvd
Actually, the following may have done the trick:

Code: Select all

$ openssl s_client -connect -starttls ftp
32061:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:
32061:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:828:
32061:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=value, Type=X509_EXTENSION
32061:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:709:
32061:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 error:tasn_dec.c:578:Field=extensions, Type=X509_CINF
32061:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:748:Field=cert_info, Type=X509
32061:error:1409000D:SSL routines:SSL3_GET_SERVER_CERTIFICATE:ASN1 lib:s3_clnt.c:972:
Now to dig into this a little bit...

Re: ASN1 parser: Error in TAG

Posted: 2009-12-17 20:15
by botg
Clearly an invalid certificate. Please contact the server administrator so that he can install a proper certificate.