gnuTLS issues

Nikos Mavrogiannopoulos nmav at
Mon Aug 25 19:47:55 CEST 2008

>> Do you have, or can generate, a test-PKCS#7 blob that can be used to
>> test this code?  As far as I can see, GnuTLS's certtool cannot generate
>> a degenerate PKCS#7 blob with multiple certificates in it.  I can't seem
>> to see how to generate it using OpenSSL either.
>> Nikos, do you have any insight to this code?  The logic seems broken.
>> Finally, do you think anyone will ever need the functionality to load
>> certificates from a PKCS#7 blob?  It isn't working right now, and nobody
>> has complained (well, at least not until now), so maybe we could just
>> remove the code.
> Please don't remove the code. It is perfectly correct. It seems at some
> point the initialization of tmp was removed (or maybe was never commited
> correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.

And if I remember correctly this feature was used to convert the
certificate lists (pkcs7) from the NIST tests.


More information about the Gnutls-devel mailing list