gnuTLS issues

Simon Josefsson simon at josefsson.org
Thu Aug 28 10:01:37 CEST 2008


"Nikos Mavrogiannopoulos" <nmav at gnutls.org> writes:

> On Wed, Aug 27, 2008 at 5:46 PM, Simon Josefsson <simon at josefsson.org> wrote:
>> Ah, no.  What I suggest is to remove the code to read PKCS#7 certificate
>> chains in the gnutls_certificate_set_x509_key* functions.
>>
>> The current code hasn't worked since v0.9.0 and apparently nobody has
>> missed it, see tests/set_pkcs7_cred.c for example code.  Storing
>> certificate chains in PKCS#7 blobs is not what that standard is intended
>> for.  Getting rid of the code may speed up loading certificates slightly,
>> and will definitely improve code readability.
>>
>> The PKCS#7 functions used by certtool --p7-info are fine.
>> What do you think?
>
> ok then! I thought you were talking about the whole pkcs7 parsing
> functionality.

Here is the patch I installed.

http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=cf07213ed160ce93d14a5801ace847b12b281ee5

/Simon




