gnuTLS issues
Simon Josefsson
simon at josefsson.org
Tue Aug 26 21:07:02 CEST 2008
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Simon Josefsson wrote:
>> Christian Grothoff <christian at grothoff.org> writes:
>>
>>> Hi Simon,
>>>
>>> I've just stumbled over a problem in the GNUtls codebase (dereferencing of
>>> uninitialized pointer) and I cannot even figure out how the code was supposed
>>> to work. I've filed a report in *our* bugtracking system at:
>>>
>>> https://gnunet.org/mantis/view.php?id=1417
>>>
>>> I would appreciate any insight you may have to offer.
>>
>> Hi Christian!
>>
>> I agree the code looks broken.
>>
>> Do you have, or can generate, a test-PKCS#7 blob that can be used to
>> test this code? As far as I can see, GnuTLS's certtool cannot generate
>> a degenerate PKCS#7 blob with multiple certificates in it. I can't seem
>> to see how to generate it using OpenSSL either.
>>
>> Nikos, do you have any insight to this code? The logic seems broken.
>> Finally, do you think anyone will ever need the functionality to load
>> certificates from a PKCS#7 blob? It isn't working right now, and nobody
>> has complained (well, at least not until now), so maybe we could just
>> remove the code.
>
> Please don't remove the code. It is perfectly correct. It seems at some
> point the initialization of tmp was removed (or maybe was never committed
> correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.
>
> I used openssl-0.9.7c/crypto/pkcs7/t/ff to test.

Ok. I've added a self test, tests/set_pkcs7_cred.c, to test this
functionality. It doesn't seem to work, but see next e-mail...

/Simon