2.3.x regression in auth_cert.c:call_get_cert_callback

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Mar 29 11:08:46 CET 2008

Joe Orton wrote:
> The test case in the neon test suite for neon's PKCS#11 interface is 
> broken with 2.3.4; it works with earlier versions (at least 2.3.0, 
> haven't tested the version in between).
> In the test case, neon provides callbacks via both
> a) gnutls_certificate_client_set_retrieve_function and
> b) gnutls_sign_callback_set 
> The callback for (a) finds a keypair via a configured PKCS#11 provider, 
> and sets up st->cert.x509 et al as normal; st->key.x509 is set to NULL, 
> since the callback for (b) is used to delegate the signing operation via 
> PKCS#11.
> GnuTLS now fails if st->key.x509 is NULL; if I avoid that code path as 
> below, it works again.  Is this not the correct way to be using the 
> interface?  There is nothing much else that could be returned in 
> key.x509 for this case, AFAICS.

You're right. I've reverted to the old behaviour.

