[Help-gnutls] _gnutls_fbase64_decode and PEM headers

Mon Jun 11 20:17:57 CEST 2007

Why does _gnutls_fbase64_decode not appear to account for encapsulated
header fields before the base-64 encoded data, as exemplified by
section 4.6 of rfc1421?  I ran into this error using gnutls 1.4.1,
using the gnutls_certificate_set_x509_key_file function with a key
file that includes encapsulated headers.

        rv = gnutls_certificate_set_x509_key_file(queue->root->cred,
                                                  cert_filename,
                                                  key_filename,
                                                  GNUTLS_X509_FMT_PEM);

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,ED00000000000000

BASE64ENCODEDSTUFF...
-----END RSA PRIVATE KEY-----

This ends up returning GNUTLS_E_BASE64_DECODING_ERROR, due to the fact
that it assumes Proc-Type:, etc., are part of the base-64 encoding.

Question B: Am I doing something wrong?

-- 
Michael Welsh Duggan
(mwd at cert.org)