[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 2.3.x regression in auth_cert.c:call_get_cert_callback
From: |
Simon Josefsson |
Subject: |
Re: 2.3.x regression in auth_cert.c:call_get_cert_callback |
Date: |
Mon, 31 Mar 2008 12:28:29 +0200 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
Joe Orton <address@hidden> writes:
> On Sat, Mar 29, 2008 at 12:08:46PM +0200, Nikos Mavrogiannopoulos wrote:
>> Joe Orton wrote:
>>> GnuTLS now fails if st->key.x509 is NULL; if I avoid that code path as
>>> below, it works again. Is this not the correct way to be using the
>>> interface? There is nothing much else that could be returned in key.x509
>>> for this case, AFAICS.
>>
>> You're right. I've reverted to the old behaviour.
>
> Thanks. With this applied and the new DN functions in 2.3.x, the last
> of the neon regressions relative to OpenSSL are now fixed and for the
> first time I get a 100% pass rate with neon's SSL test suite. And due
> to the external signing callback in GnuTLS, neon supports one major
> feature which is not supported with OpenSSL - PKCS#11.
>
> So, nice work, guys :)
Cool! Can I build and run the neon self test suite relatively easy
myself? It seems it checks a lot TLS stuff, and it might be useful to
run before releasing v2.4.0 to catch silly mistakes.
> 11. load_client_cert...... WARNING: no friendly name given
> ...................... pass (with 1 warning)
...
> 53. pkcs11_dsa............ server child failed: SSL accept failed: SSL error:
> The scanning of a large integer has failed.
Does this refer to anything we should improve in gnutls?
/Simon