[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_0-12-g79e34
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_0-12-g79e3470 |
Date: |
Sat, 24 Jul 2010 14:25:47 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=79e34700083ea05129a2528d53dda161a04e3d27
The branch, gnutls_2_10_x has been updated
via 79e34700083ea05129a2528d53dda161a04e3d27 (commit)
from ca71c7f33407faeaca6d89a96c9d3466b37234d9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 79e34700083ea05129a2528d53dda161a04e3d27
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jul 24 16:18:20 2010 +0200
gnutls_x509_privkey_import() will fall back to
gnutls_x509_privkey_import_pkcs8() without a password if it is unable to
decode the key.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++++
lib/gnutls_x509.c | 8 --------
lib/x509/privkey.c | 26 +++++++++++++++++++-------
src/certtool.c | 15 ++++-----------
4 files changed, 27 insertions(+), 26 deletions(-)
diff --git a/NEWS b/NEWS
index 0af5b2c..141ddf5 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,10 @@ with strange OIDs.
** gnutls-cli: Allow verification using V1 CAs.
+** libgnutls: gnutls_x509_privkey_import() will fallback to
+gnutls_x509_privkey_import_pkcs8() without a password, if it
+is unable to decode the key.
+
** libgnutls: Correctly deinitialize crypto API functions to prevent
a memory leak. Reported by Mads Kiilerich.
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index d93406a..5dd01ef 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -544,14 +544,6 @@ _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey,
}
ret = gnutls_x509_privkey_import (tmpkey, raw_key, type);
-
-#ifdef ENABLE_PKI
- /* If normal key decoding doesn't work try decoding a plain PKCS #8 key */
- if (ret < 0)
- ret = gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type,
- NULL, GNUTLS_PKCS_PLAIN);
-#endif
-
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index f493804..bc1c31e 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -357,7 +357,8 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
/* Try the first header */
result =
_gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
- key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result >= 0) key->pk_algorithm = GNUTLS_PK_RSA;
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
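Review bot: The new guard `if (result >= 0) key->pk_algorithm = GNUTLS_PK_RSA;` treats a zero-length decode as success, while the DSA branch in the next hunk turns `result == 0` into GNUTLS_E_INTERNAL_ERROR. A negative result other than GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR also skips the DSA branch and, as far as the visible context shows, goes on to `_data.data = out;` without a valid decoded buffer. I would tighten the guard to `if (result > 0)` and route every other non-header outcome of the first decode to the error exit, mapping 0 to an error code the same way the DSA branch does. The function body starts and ends outside this hunk, so confirm that no later check already covers this.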
@@ -365,15 +366,16 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
result =
_gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
&out);
- key->pk_algorithm = GNUTLS_PK_DSA;
-
if (result <= 0)
{
if (result == 0)
result = GNUTLS_E_INTERNAL_ERROR;
gnutls_assert ();
- return result;
+
+ goto failover;
}
+
+ key->pk_algorithm = GNUTLS_PK_DSA;
}
_data.data = out;
@@ -415,7 +417,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
{
gnutls_assert ();
result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ goto failover;
}
if (need_free)
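Review bot: This `goto failover` can never reach the PKCS #8 retry, because `result` has just been set to GNUTLS_E_ASN1_DER_ERROR and the retry at the `failover:` label runs only for GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR. The code this commit removes from lib/gnutls_x509.c retried on any `ret < 0`, so a DER-encoded unencrypted PKCS #8 key that used to load through _gnutls_x509_raw_privkey_to_gkey() now appears to be rejected. If that narrowing is not intended, one option is to widen the test to `if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR || result == GNUTLS_E_ASN1_DER_ERROR)`. Otherwise the NEWS entry and the label comment should say the fallback covers PEM input only. The enclosing block starts outside the hunk.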
@@ -426,10 +428,20 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
return 0;
-cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+failover:
+ /* Try PKCS #8 */
+#ifdef ENABLE_PKI
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ {
+ _gnutls_debug_log("Falling back to PKCS #8 key decoding\n");
+ result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
+ NULL, GNUTLS_PKCS_PLAIN);
+ }
+#endif
+
if (need_free)
_gnutls_free_datum (&_data);
+
return result;
}
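Review bot: Dropping `key->pk_algorithm = GNUTLS_PK_UNKNOWN;` along with the `cleanup:` label means a failed import can return with the algorithm field still set, since the ASN.1 error path jumps here after the PEM branch has already stored GNUTLS_PK_RSA or GNUTLS_PK_DSA. A caller that inspects or reuses the key object after an error would then see an algorithm with no parsed parameters behind it. I would restore the reset for the failure case just before the return, `if (result < 0) key->pk_algorithm = GNUTLS_PK_UNKNOWN;`, which leaves a successful PKCS #8 fallback untouched. The `/* Try PKCS #8 */` comment could also state that the retry passes a NULL password with GNUTLS_PKCS_PLAIN, so only unencrypted PKCS #8 is accepted on this path.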
diff --git a/src/certtool.c b/src/certtool.c
index 4ffc721..8d6efd2 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1539,20 +1539,13 @@ privkey_info (void)
/* If we failed to import the certificate previously try PKCS #8 */
if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
- /* first try to import the key without asking any password */
+ if (info.pass)
+ pass = info.pass;
+ else
+ pass = get_pass ();
ret = gnutls_x509_privkey_import_pkcs8 (key, &pem,
- info.incert_format,
- NULL, GNUTLS_PKCS_PLAIN);
- if (ret < 0)
- {
- if (info.pass)
- pass = info.pass;
- else
- pass = get_pass ();
- ret = gnutls_x509_privkey_import_pkcs8 (key, &pem,
info.incert_format,
pass, 0);
- }
}
if (ret < 0)
error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret));
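Review bot: The comment kept above this block, `/* If we failed to import the certificate previously try PKCS #8 */`, no longer matches what the block does. The passwordless attempt is gone from this block, and the commit's NEWS entry says gnutls_x509_privkey_import() itself now tries unencrypted PKCS #8. I would reword it to something like `/* Plain PKCS #8 is already tried by gnutls_x509_privkey_import(); only the password-protected form is left */`. When `info.pkcs8` is set, an unencrypted key now seems to trigger a password prompt before any import is attempted here, which is worth confirming against the lines above the hunk, since privkey_info() starts outside it.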
hooks/post-receive
--
GNU gnutls