gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnuTLS issues

From: Simon Josefsson
Subject: Re: gnuTLS issues
Date: Tue, 26 Aug 2008 21:07:02 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux) 
Nikos Mavrogiannopoulos <address@hidden> writes:

> Simon Josefsson wrote:
>> Christian Grothoff <address@hidden> writes:
>> 
>>> Hi Simon,
>>>
>>> I've just stumbled over a problem in the GNUtls codebase (dereferencing of 
>>> uninitialized pointer) and I cannot even figure out how the code was 
>>> supposed 
>>> to work.  I've filed a report in *our* bugtracking system at:
>>>
>>> https://gnunet.org/mantis/view.php?id=1417
>>>
>>> I would appreciate any insight you may have to offer.
>> 
>> Hi Christian!
>> 
>> I agree the code looks broken.
>> 
>> Do you have, or can generate, a test-PKCS#7 blob that can be used to
>> test this code?  As far as I can see, GnuTLS's certtool cannot generate
>> a degenerate PKCS#7 blob with multiple certificates in it.  I can't seem
>> to see how to generate it using OpenSSL either.
>> 
>> Nikos, do you have any insight to this code?  The logic seems broken.
>> Finally, do you think anyone will ever need the functionality to load
>> certificates from a PKCS#7 blob?  It isn't working right now, and nobody
>> has complained (well, at least not until now), so maybe we could just
>> remove the code.
>
> Please don't remove the code. It is perfectly correct. It seems at some
> point the initialization of tmp was removed (or maybe was never commited
> correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.
>
> I used openssl-0.9.7c/crypto/pkcs7/t/ff to test.

Ok.  I've added a self tests tests/set_pkcs7_cred.c to test this
functionality.  It doesn't seem to work, but see next e-mail...

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]