Internal error returned from within gnutls_certificate_set_openpgp_key()

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Sep 23 19:09:26 CEST 2012


On 09/23/2012 04:54 PM, Joke de Buhr wrote:

>> I see this code expects size to get negative at some point,
>> so if you change the type of size to ssize_t does it help?
> 
> i changed the type of size from size_t to ssize_t. on a quick check the error 
> change from GNUTLS_E_INTERNAL_ERROR to GNUTLS_E_MPI_SCAN_FAILED.
> fixing the problem doesn't seem to be that simple unfortunately.

It seems it was an encoding bug that was triggered by the increase in
key size. Thanks for reporting it. The patch below should solve it:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=4366201402fcdecde2331e4d87c05141207e1027

> well the signing (S), encryption (E) and authentication (A) flags can
be set

> individually with gnupg operating in expert mode (--expert). the master key 
> has an additional flags for certification (C).
> 
> subkeys with authentication flag are used when gpg-agent operates in ssh-agent 
> mode and connects to a ssh server. i'm sure gnupg does the authentication via 
> digital signatures during the sshd handshake.
> 
> since the actual behavior is a bit unclear i think it would be helpful to 
> mention gnutls requires the signing flag in the gnutls documentation. but i can 
> definitely get your point.


Do you have some suggestion on where this should be mentioned?

regards,
Nikos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120923/4ba66fc8/attachment.pgp>


More information about the Gnutls-help mailing list