gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnuTLS issues

From: Nikos Mavrogiannopoulos
Subject: Re: gnuTLS issues
Date: Mon, 25 Aug 2008 20:02:36 +0300
User-agent: Thunderbird 2.0.0.16 (X11/20080724) 
Simon Josefsson wrote:
> Christian Grothoff <address@hidden> writes:
> 
>> Hi Simon,
>>
>> I've just stumbled over a problem in the GNUtls codebase (dereferencing of 
>> uninitialized pointer) and I cannot even figure out how the code was 
>> supposed 
>> to work.  I've filed a report in *our* bugtracking system at:
>>
>> https://gnunet.org/mantis/view.php?id=1417
>>
>> I would appreciate any insight you may have to offer.
> 
> Hi Christian!
> 
> I agree the code looks broken.
> 
> Do you have, or can generate, a test-PKCS#7 blob that can be used to
> test this code?  As far as I can see, GnuTLS's certtool cannot generate
> a degenerate PKCS#7 blob with multiple certificates in it.  I can't seem
> to see how to generate it using OpenSSL either.
> 
> Nikos, do you have any insight to this code?  The logic seems broken.
> Finally, do you think anyone will ever need the functionality to load
> certificates from a PKCS#7 blob?  It isn't working right now, and nobody
> has complained (well, at least not until now), so maybe we could just
> remove the code.

Please don't remove the code. It is perfectly correct. It seems at some
point the initialization of tmp was removed (or maybe was never commited
correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.

I used openssl-0.9.7c/crypto/pkcs7/t/ff to test.

regards,
Nikos
reply via email to
[Prev in Thread] Current Thread [Next in Thread]