gnuTLS issues
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Aug 25 19:47:55 CEST 2008
>> Do you have, or can generate, a test-PKCS#7 blob that can be used to
>> test this code? As far as I can see, GnuTLS's certtool cannot generate
>> a degenerate PKCS#7 blob with multiple certificates in it. I can't seem
>> to see how to generate it using OpenSSL either.
>>
>> Nikos, do you have any insight to this code? The logic seems broken.
>> Finally, do you think anyone will ever need the functionality to load
>> certificates from a PKCS#7 blob? It isn't working right now, and nobody
>> has complained (well, at least not until now), so maybe we could just
>> remove the code.
>
> Please don't remove the code. It is perfectly correct. It seems at some
> point the initialization of tmp was removed (or maybe was never commited
> correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.
And if I remember correctly this feature was used to convert the
certificate lists (pkcs7) from the NIST tests.
regards,
Nikos
More information about the Gnutls-devel
mailing list