[gnutls-dev] _gnutls_x509_cert2gnutls_cert fails on FreeBSD

[Gergely Nagy]

Hi!

In an attempt to get the latest version of my software to run on
FreeBSD, I think I stumbled upon a bug in GNUTLS.

Whenever I try to add a trust file (gnutls_certificate_set_x509_trust_file),
I get back an ASN1 parse error: "ASN1 parser: Element was not found.".

However, the same program with the same CA, cert and key files works
like a charm on GNU/Linux.

So far, I traced it down to _gnutls_x509_cert2gnutls_cert(). I'm a bit
reluctant to trace it further since my gdb on the FreeBSD box is broken,
and inserting random printf()s and recompiling is a PITA, and I'm not
even sure I'm on the right track - this function, according to the
comment, parses DER format certs. However, my cert is PEM, as far as I
know (however, it may happen that it gets converted to DER internally, I
didn't check that yet).

Oh, I'm using GNUTLS 0.8.6 from the ports collection. Browsing the NEWS
file of CVS HEAD, I see:

- Added an strnstr() function and the requirement in some functions to
  use null terminated PEM structures is no more.

Might this be relevant?

-- 
Gergely Nagy