gnuTLS issues
Christian Grothoff
christian at grothoff.org
Mon Aug 25 15:35:49 CEST 2008
I found the problem by reading the code -- not by running any particular test.

What we want to do is HTTPS supporting mostly only canonical features,
certainly nothing exotic. I was trying to understand the code and figure out
what code could / should be removed since we're concerned about code size for
libmicrohttpd.

Is GnuTLS usually compiled with ENABLE_PKI set to 1? When Amir imported the
GnuTLS code, he made sure that this flag was always set -- what does it do?

Christian

On Monday 25 August 2008 06:02:48 am Simon Josefsson wrote:
> Christian Grothoff <christian at grothoff.org> writes:
> > Hi Simon,
> >
> > I've just stumbled over a problem in the GNUtls codebase (dereferencing
> > of uninitialized pointer) and I cannot even figure out how the code was
> > supposed to work. I've filed a report in *our* bugtracking system at:
> >
> > https://gnunet.org/mantis/view.php?id=1417
> >
> > I would appreciate any insight you may have to offer.
>
> Hi Christian!
>
> I agree the code looks broken.
>
> Do you have, or can generate, a test-PKCS#7 blob that can be used to
> test this code? As far as I can see, GnuTLS's certtool cannot generate
> a degenerate PKCS#7 blob with multiple certificates in it. I can't seem
> to see how to generate it using OpenSSL either.
>
> Nikos, do you have any insight to this code? The logic seems broken.
> Finally, do you think anyone will ever need the functionality to load
> certificates from a PKCS#7 blob? It isn't working right now, and nobody
> has complained (well, at least not until now), so maybe we could just
> remove the code.
>
> Christian, how did you find this problem? Do you want to store
> certificate lists in PKCS#7 blobs?
>
> Thanks,
> /Simon