[gnutls-dev] unencrypted PKCS#12

Joe Orton joe at manyfish.co.uk
Sun Oct 24 17:46:28 CEST 2004


On Wed, Oct 20, 2004 at 12:12:03AM +0200, Aleix Conchillo Flaque wrote:
> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> 
> > Do you use gnutls_pkcs12_bag_get_type()? In that function you must also 
> > specify the index of the bag element to check. Certtool makes use of this 
> > function and seems to work.
> >
> 
> Yes, I use that function which is where I get that the unencrypted
> certificate bag is encrypted.

I think this is right, Aleix: the bags really are encrypted, just using
a zero-length password string.  I've adjusted the neon code to verify
the MAC manually in both cases and it passes the load_client_cert tests
with the GnuTLS HEAD at least.

joe



More information about the Gnutls-dev mailing list