[sr #108090] Unable to decode PKCS12 with NULL password since 3.0.20
Alexandre Chataignon
INVALID.NOREPLY at gnu.org
Wed Jul 18 18:57:00 CEST 2012
URL: <http://savannah.gnu.org/support/?108090>
Summary: Unable to decode PKCS12 with NULL password since 3.0.20
Project: GnuTLS
Submitted by: xouillet
Submitted on: Wed 18 Jul 2012 04:56:59 PM GMT
Category: Core library
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
Since gnutls 3.0.20, decoding of PKCS12 with a NULL password (NULL, not "") is
impossible.

For example, this line used to work in gnutls-3.0.19:

    ret = gnutls_certificate_set_x509_simple_pkcs12_file(xcred, pkcs12_f,
                                                         GNUTLS_X509_FMT_DER, NULL);

The problem comes from this line:

    lib/x509/privkey_pkcs8.c:1231: if (password == NULL || (flags & GNUTLS_PKCS_PLAIN))

that used to be

    lib/x509/privkey_pkcs8.c:1231: if (flags & GNUTLS_PKCS_PLAIN)

A PKCS12 file with a NULL password can easily be generated via the openssl
library, for example with this python snippet:

    from OpenSSL import crypto

    # Load an existing PEM private key and certificate.
    key = crypto.load_privatekey(crypto.FILETYPE_PEM,
                                 open("mycert.key").read())
    cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                   open("mycert.crt").read())

    p12 = crypto.PKCS12()
    p12.set_certificate(cert)
    p12.set_privatekey(key)

    # export() without a passphrase passes a NULL password to OpenSSL.
    # The result is binary DER, so the file is opened in binary mode.
    open("test.p12", 'wb').write(p12.export())