[gnutls-devel] [PATCH] Check the credentials getter functions as part of the unit tests

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Oct 6 23:09:05 CEST 2014


On Mon, 2014-10-06 at 15:36 -0400, Armin Burgmeier wrote:

> > Okay, I'll try to do it on the weekend or early next week.
> 
> while looking at the code you pointed to, I am not sure I understand the
> following:
> 
> When adding a PKCS11 URL with gnutls_x509_trust_list_add_trust_file(),
> basically all that is done is that the pkcs11_token field in the trust
> list structure is set.
> 
> However, when using gnutls_x509_trust_list_remove_trust_file() to remove
> a PKCS11 URL, the code imports all certificates from the URL and then
> tries to remove them from the hash table. However, they have never been
> added to the hash table? Is that such that the CA certificates are added
> to the blacklist? In any case, the pkcs11_token field is not reset. Is
> that correct?

That is a bug. It seems that when the add_trust_file() was updated to
keep the URL, the remove trust file wasn't updated. I should check into it.

regards,
Nikos




