[gnutls-help] Generating a certificate with an encrypted private key
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Feb 7 14:03:16 CET 2013
On Tue, Feb 5, 2013 at 8:43 PM, Yan Fiz <yanfiz at gmail.com> wrote:
> Hello,
>
> I tried to generate a self signed certificate with an encrypted private key.
> GnuTLS 3.0.22 is OK, but GnuTLS 3.1.7 gives error with the same commands.
Thank you for the bug report. Could you check if the attached patch
solves the issue?
regards,
Nikos
-------------- next part --------------
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 7b31821..586dc09 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -642,10 +642,10 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0)
{
ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
- if (ret < 0)
+ if (ret < 0 && ret != GNUTLS_E_DECRYPTION_FAILED)
{
ret = import_pkcs12_privkey(key, data, format, password, flags);
- if (ret < 0 && format == GNUTLS_X509_FMT_PEM)
+ if (ret < 0 && ret != GNUTLS_E_DECRYPTION_FAILED && format == GNUTLS_X509_FMT_PEM)
{
int err;
err = gnutls_x509_privkey_import_openssl(key, data, password);
More information about the Gnutls-help
mailing list