gnutls-devel

[gnutls-dev] Client OpenPGP verification fails


From: Mario Lenz
Subject: [gnutls-dev] Client OpenPGP verification fails
Date: Tue, 1 Aug 2006 14:47:03 +0000 (UTC)
User-agent: Loom/3.14 (http://gmane.org/)

Hi!

> > OK, next try: cert->subject_pk_algorithm in _gnutls_tls_sign_hdata
> > (lib/gnutls_sig.c) is unknown, so the function returns
> > GNUTLS_E_INTERNAL_ERROR.
> 
> Why is subject_pk_algorithm unknown? For openpgp keys it should be set
> in openpgp_pk_to_gnutls_cert().

I'm not sure, but it looks like this to me:

_gnutls_handshake_client (lib/gnutls_handshake.c) calls
_gnutls_send_client_certificate_verify (lib/gnutls_kx.c) which calls
_gnutls_gen_cert_client_cert_vrfy (lib/auth_cert.c). This one calls
_gnutls_get_selected_cert (same file) to get the certificate. This
certificate is handed to _gnutls_tls_sign_hdata (lib/gnutls_sig.c) which
breaks because cert->subject_pk_algorithm is unknown.

The "selected cert" is set as follows:

_gnutls_handshake_client calls _gnutls_recv_server_certificate_request
(lib/gnutls_kx.c) which calls _gnutls_proc_cert_cert_req
(lib/auth_cert.c). This one calls _select_client_cert (same file) which
calls cred->client_get_cert_callback (call_get_cert_callback in same
file). This one calls cred->client_get_cert_callback (cert_callback in
src/cli.c). Then there are calls to alloc_and_load_pgp_certs and
alloc_and_load_pgp_key, and then _gnutls_selected_certs_set is called.
To me, it doesn't look like openpgp_pk_to_gnutls_cert() is involved
somewhere.

cu

   Mario



