Re: 2.3.x regression in auth_cert.c:call_get_cert

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.3.x regression in auth_cert.c:call_get_cert_callback

From:	Nikos Mavrogiannopoulos
Subject:	Re: 2.3.x regression in auth_cert.c:call_get_cert_callback
Date:	Sat, 29 Mar 2008 12:08:46 +0200
User-agent:	Thunderbird 2.0.0.6 (X11/20071022)

Joe Orton wrote:

The test case in the neon test suite for neon's PKCS#11 interface isbroken with 2.3.4; it works with earlier versions (at least 2.3.0,haven't tested the version in between).
In the test case, neon provides callbacks via both
a) gnutls_certificate_client_set_retrieve_function andb) gnutls_sign_callback_setThe callback for (a) finds a keypair via a configured PKCS#11 provider,and sets up st->cert.x509 et al as normal; st->key.x509 is set to NULL,since the callback for (b) is used to delegate the signing operation viaPKCS#11.
GnuTLS now fails if st->key.x509 is NULL; if I avoid that code path asbelow, it works again. Is this not the correct way to be using theinterface? There is nothing much else that could be returned inkey.x509 for this case, AFAICS.


You're right. I've reverted to the old behaviour.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

2.3.x regression in auth_cert.c:call_get_cert_callback, Joe Orton, 2008/03/28
- Re: 2.3.x regression in auth_cert.c:call_get_cert_callback, Nikos Mavrogiannopoulos <=
  - Re: 2.3.x regression in auth_cert.c:call_get_cert_callback, Joe Orton, 2008/03/31
    - Re: 2.3.x regression in auth_cert.c:call_get_cert_callback, Simon Josefsson, 2008/03/31
    - Re: 2.3.x regression in auth_cert.c:call_get_cert_callback, Joe Orton, 2008/03/31

Prev by Date: 2.3.x regression in auth_cert.c:call_get_cert_callback
Next by Date: GNUTLS_E_UNEXPECTED_PACKET_LENGTH
Previous by thread: 2.3.x regression in auth_cert.c:call_get_cert_callback
Next by thread: Re: 2.3.x regression in auth_cert.c:call_get_cert_callback
Index(es):
- Date
- Thread