PKCS#12 certs with embedded CA certs and GnuTLS
Joe Orton
joe at manyfish.co.uk
Thu Oct 30 15:08:41 EDT 2008
This issue (Debian bug 480041) is almost certainly a neon bug.
I can reproduce the error with a PKCS#12 cert with an embedded CA cert;
if anybody else seeing this problem can confirm it's fixed with the
patch below, that would be great.
Regards, Joe
Index: src/ne_gnutls.c
===================================================================
--- src/ne_gnutls.c (revision 1588)
+++ src/ne_gnutls.c (working copy)
@@ -974,6 +974,10 @@
switch (type) {
case GNUTLS_BAG_PKCS8_KEY:
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ /* Ignore any but the first key encountered; really
+ * need to match up keyids. */
+ if (*pkey) break;
+
gnutls_x509_privkey_init(pkey);
ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
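Review bot: the new `if (*pkey) break;` guard in the PKCS8 key case tests a pointer that `gnutls_x509_privkey_init(pkey)` sets before the bag data has been fetched or imported. If the `gnutls_pkcs12_bag_get_data` call or the import that follows fails, `*pkey` stays non-NULL unless the failure path deinitialises and clears it, so a later, valid key bag would be skipped and the caller would be left with an empty key object. Consider calling `gnutls_x509_privkey_deinit(*pkey)` and setting `*pkey = NULL` on each failure path. The guard also depends on the caller initialising `*pkey` to NULL before the loop, which is worth confirming or documenting at the top of the function.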
@@ -986,6 +990,10 @@
if (ret < 0) continue;
break;
case GNUTLS_BAG_CERTIFICATE:
+ /* Ignore any but the first cert encountered; again,
+ * really need to match up keyids. */
+ if (*x5) break;
+
gnutls_x509_crt_init(x5);
ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
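Review bot: `if (*x5) break;` in the GNUTLS_BAG_CERTIFICATE case keeps whichever certificate appears first, but nothing in a PKCS#12 file guarantees that the client certificate precedes an embedded CA certificate. When the CA certificate comes first, the function would return it paired with the client's private key, and the mismatch only surfaces later as a handshake failure. As the added comment already says, the key IDs need matching. Until that is done, a check after the loop that compares `gnutls_x509_crt_get_key_id` against `gnutls_x509_privkey_get_key_id` and rejects the file on mismatch would make the failure explicit. The same cleanup concern applies here as for the key: `*x5` is set by `gnutls_x509_crt_init(x5)` before the data is read, so a failed import should deinitialise it and reset it to NULL.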