[gnutls-help] gnutls_certificate_set_x509_key_file crashes in Windows
Joseph Peruski
joseph.peruski at escrypt.com
Thu Sep 18 00:40:50 CEST 2014
Hello List,
Hopefully, you can help me with an issue I am having (I'm keeping my fingers crossed).
I've been trying to get my MSVS-based code to work with the latest pre-compiled Win32 version of GnuTLS with p11-kit support (v3.2.16) from [1]. I've taken the example from [2] and have made only slight modifications to it:
- Made the list of #include'd header files Windows friendly.
- gnutls_pkcs11_add_provider is called to set opensc-pkcs11.dll as the PKCS#11 provider.
- The PIN is passed as an argument to gnutls_pkcs11_set_pin_function instead of being entered at the console.
- Deleted the function calls after gnutls_certificate_set_x509_key_file.
Unfortunately, the program crashes during the call to gnutls_certificate_set_x509_key_file (below is the error from Dr. Memory):
Error #1: UNADDRESSABLE ACCESS: reading 4 byte(s)
libgnutls-28.dll!_gnutls_x509_crt_get_extension
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!_get_authority_key_id
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!gnutls_x509_crt_get_authority_key_id
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!gnutls_pkcs11_get_raw_issuer
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!read_cert_url
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!read_cert_file
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!gnutls_certificate_set_x509_key_file2
../../mingw-w64-crt/crt/crtdll.c(166):
KERNEL32.dll!BaseThreadInitThunk
??:0
Note: refers to memory that was freed here:
replace_free
d:\drmemory_package\common\alloc_replace.c(2380):
libgnutls-28.dll!gnutls_x509_crt_deinit
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!read_cert_url
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!read_cert_file
../../mingw-w64-crt/crt/crtdll.c(166):
libgnutls-28.dll!gnutls_certificate_set_x509_key_file2
../../mingw-w64-crt/crt/crtdll.c(166):
KERNEL32.dll!BaseThreadInitThunk
??:0
This error also occurs when I use gnutls_certificate_set_x509_key_file2.
My code works for an older pre-compiled version of GnuTLS with p11-kit support (v3.2.2). Also, if I switch to having the certificate / key on the disk instead of on the smartcard, it works for v3.2.16. Lastly, I am able to get the example from [3] working for both v3.2.2 and v3.2.16. With that being said, it doesn't appear that there's anything wrong with my smartcard or my certificates.
Is there something that I'm missing (i.e., a call to a GnuTLS PKCS#11 function prior to gnutls_certificate_set_x509_key_file)? Please advise.
Warm Regards,
Joseph Peruski
[1] ftp://ftp.gnutls.org/gcrypt/gnutls/w32/
[2] http://www.gnutls.org/manual/html_node/Client-using-a-smart-card-with-TLS.html
[3] http://www.gnutls.org/manual/html_node/Reading-objects.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140917/871bb33a/attachment.html>
More information about the Gnutls-help
mailing list