gnuTLS issues

Simon Josefsson simon at
Tue Aug 26 21:07:02 CEST 2008

Nikos Mavrogiannopoulos <nmav at> writes:

> Simon Josefsson wrote:
>> Christian Grothoff <christian at> writes:
>>> Hi Simon,
>>> I've just stumbled over a problem in the GNUtls codebase (dereferencing of 
>>> uninitialized pointer) and I cannot even figure out how the code was supposed 
>>> to work.  I've filed a report in *our* bugtracking system at:
>>> I would appreciate any insight you may have to offer.
>> Hi Christian!
>> I agree the code looks broken.
>> Do you have, or can generate, a test-PKCS#7 blob that can be used to
>> test this code?  As far as I can see, GnuTLS's certtool cannot generate
>> a degenerate PKCS#7 blob with multiple certificates in it.  I can't seem
>> to see how to generate it using OpenSSL either.
>> Nikos, do you have any insight to this code?  The logic seems broken.
>> Finally, do you think anyone will ever need the functionality to load
>> certificates from a PKCS#7 blob?  It isn't working right now, and nobody
>> has complained (well, at least not until now), so maybe we could just
>> remove the code.
> Please don't remove the code. It is perfectly correct. It seems at some
> point the initialization of tmp was removed (or maybe was never committed
> correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.
> I used openssl-0.9.7c/crypto/pkcs7/t/ff to test.

Ok.  I've added a self test, tests/set_pkcs7_cred.c, to test this
functionality.  It doesn't seem to work, but see next e-mail...
