gnuTLS issues

Simon Josefsson simon at josefsson.org
Tue Aug 26 21:07:02 CEST 2008


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> Simon Josefsson wrote:
>> Christian Grothoff <christian at grothoff.org> writes:
>> 
>>> Hi Simon,
>>>
>>> I've just stumbled over a problem in the GNUtls codebase (dereferencing of 
>>> uninitialized pointer) and I cannot even figure out how the code was supposed 
>>> to work.  I've filed a report in *our* bugtracking system at:
>>>
>>> https://gnunet.org/mantis/view.php?id=1417
>>>
>>> I would appreciate any insight you may have to offer.
>> 
>> Hi Christian!
>> 
>> I agree the code looks broken.
>> 
>> Do you have, or can generate, a test-PKCS#7 blob that can be used to
>> test this code?  As far as I can see, GnuTLS's certtool cannot generate
>> a degenerate PKCS#7 blob with multiple certificates in it.  I can't seem
>> to see how to generate it using OpenSSL either.
>> 
>> Nikos, do you have any insight to this code?  The logic seems broken.
>> Finally, do you think anyone will ever need the functionality to load
>> certificates from a PKCS#7 blob?  It isn't working right now, and nobody
>> has complained (well, at least not until now), so maybe we could just
>> remove the code.
>
> Please don't remove the code. It is perfectly correct. It seems at some
> point the initialization of tmp was removed (or maybe was never committed
> correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.
>
> I used openssl-0.9.7c/crypto/pkcs7/t/ff to test.

Ok.  I've added a self test, tests/set_pkcs7_cred.c, to test this
functionality.  It doesn't seem to work, but see next e-mail...

/Simon




