[gnutls-devel] Upgrade from 2.10.1 to 3.0.18 caused my external signing stop working.

Bjørn H. Christensen BHC at insight.dk
Thu Mar 21 16:11:22 CET 2013


Thanks for the prompt answer Nikos.

/bhc




-----Original Message-----
From: n.mavrogiannopoulos at gmail.com [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
Sent: 21 March 2013 16:08
To: Bjørn H. Christensen
Cc: bugs at gnutls.org
Subject: Re: [gnutls-devel] Upgrade from 2.10.1 to 3.0.18 caused my external signing stop working.

On Thu, Mar 21, 2013 at 2:51 PM, Bjørn H. Christensen <BHC at insight.dk> wrote:
> I know that the code has been deprecated, but I can see it is still there:
> I am using:
> gnutls_certificate_client_set_retrieve_function
> gnutls_sign_callback_set
> to use Certificates from the Microsoft Certificate Store.
> I am using version 3.0.18 and in gnutls_sig.c in the function 
> sign_tls_hash on line 228.
> The use of pkey seems wrong.

Nice catch. Note however, that this issue should only occur if you use TLS 1.2. If you restrict to TLS 1.0 or 1.1 there should be no issues.

I will see whether there can be a hack to solve that, or just return an error in case TLS 1.2 is mixed with the deprecated function.
To use gnutls_privkey_import_ext2() check lib/tpm.c.

regards,
Nikos

