2.3.x regression in auth_cert.c:call_get_cert_callback

Simon Josefsson simon at josefsson.org
Mon Mar 31 12:28:29 CEST 2008


Joe Orton <joe at manyfish.co.uk> writes:

> On Sat, Mar 29, 2008 at 12:08:46PM +0200, Nikos Mavrogiannopoulos wrote:
>> Joe Orton wrote:
>>> GnuTLS now fails if st->key.x509 is NULL; if I avoid that code path as 
>>> below, it works again.  Is this not the correct way to be using the 
>>> interface?  There is nothing much else that could be returned in key.x509 
>>> for this case, AFAICS.
>>
>> You're right. I've reverted to the old behaviour.
>
> Thanks.  With this applied and the new DN functions in 2.3.x, the last 
> of the neon regressions relative to OpenSSL are now fixed and for the 
> first time I get a 100% pass rate with neon's SSL test suite.  And due 
> to the external signing callback in GnuTLS, neon supports one major 
> feature which is not supported with OpenSSL - PKCS#11.
>
> So, nice work, guys :)

Cool!  Can I build and run the neon self test suite relatively easily
myself?  It seems it checks a lot of TLS stuff, and it might be useful to
run before releasing v2.4.0 to catch silly mistakes.

> 11. load_client_cert...... WARNING: no friendly name given
>     ...................... pass (with 1 warning)
...
> 53. pkcs11_dsa............ server child failed: SSL accept failed: SSL error: The scanning of a large integer has failed.

Does this refer to anything we should improve in gnutls?

/Simon




