gnutls-devel

[gnutls-dev] Some problems with GnuTLS 0.9.95


From: Gergely Nagy
Subject: [gnutls-dev] Some problems with GnuTLS 0.9.95
Date: Mon, 10 Nov 2003 17:47:51 +0100
User-agent: Wanderlust/2.11.7 (Wonderwall) Emacs/21.3 Mule/5.0 (SAKAKI)

Hi!

While updating a project of mine to take advantage of GnuTLS 0.9, I
noticed a few glitches. The most annoying one is that the prototype
for gnutls_handshake_set_rsa_pms_check is included in gnutls/gnutls.h,
but the function itself was removed from the library. I think the
header would need an update to reflect this.

Another problem is that gnutls_x509_crt_get_dn() does not work as
documented. According to the docs, when I call gnutls_x509_crt_get_dn
(crt, NULL, &size), it should set size to the length of the
DN. However, it does not, and returns GNUTLS_E_INVALID_REQUEST (size
was set to 0 before the call, but if the buffer is NULL, I think that
gnutls_x509_crt_get_dn should ignore the initial value of size). Using
gnutls_x509_crt_get_dn (crt, &tmp_buf, &size), where tmp_buf is a
single char, and size is 1, works as expected. Well, almost. I'd
expect that this code would get me a DN:

    gnutls_x509_crt cert;
    char *buf;
    size_t size = 0;

    [...]
    gnutls_x509_crt_get_dn (cert, NULL, &size);
    buf = (char *)malloc (size);
    gnutls_x509_crt_get_dn (cert, buf, &size);
    [...]

However, I'm using something like this to work around the problems I
found:

    gnutls_x509_crt cert;
    char *buf, tmp_buf[3];
    size_t size = 1;

    [...]
    gnutls_x509_crt_get_dn (cert, tmp_buf, &size);
    size += 2;
    buf = (char *)malloc (size);
    gnutls_x509_crt_get_dn (cert, buf, &size);
    [...]

I think this is horrible.

I would suggest an audit of all functions that should behave similarly
to check if they do (last I checked, gnutls_server_name_get() worked
for example).

Cheers,
-- 
Gergely Nagy
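
Added example, not part of the original message and not GnuTLS code: the two-call size-query idiom discussed above with every return status checked, so that a getter which rejects a NULL buffer produces a clean failure instead of a zero-byte allocation. It runs against two stand-in getters rather than the library; the names getter_documented, getter_reported and fetch_sized, the status codes (including the assumption that a size query returns a short-buffer status) and the sample DN are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for this model; not GnuTLS's real error values. */
enum { OK = 0, E_SHORT_BUFFER = -1, E_INVALID_REQUEST = -2, E_NO_MEMORY = -3 };
static const char SAMPLE_DN[] = "C=HU,O=Example,CN=test.example"; /* constructed */

typedef int (*sized_getter)(const void *obj, char *buf, size_t *size);
/* Model A: a NULL or too-small buffer reports the required size. */
static int getter_documented(const void *obj, char *buf, size_t *size) {
    size_t need = sizeof SAMPLE_DN; /* includes the terminating NUL */
    (void)obj;
    if (buf == NULL || *size < need) { *size = need; return E_SHORT_BUFFER; }
    memcpy(buf, SAMPLE_DN, need);
    return OK;
}

/* Model B: behaviour reported in the message; NULL is rejected, size untouched. */
static int getter_reported(const void *obj, char *buf, size_t *size) {
    if (buf == NULL) return E_INVALID_REQUEST;
    return getter_documented(obj, buf, size);
}

/* Two-call idiom with every status checked; caller frees the result. */
static char *fetch_sized(sized_getter get, const void *obj, int *rc) {
    size_t size = 0;
    char *buf;
    *rc = get(obj, NULL, &size);
    if (*rc != E_SHORT_BUFFER || size == 0) {   /* no usable size: stop here */
        if (*rc == OK || *rc == E_SHORT_BUFFER) *rc = E_INVALID_REQUEST;
        return NULL;
    }
    if ((buf = malloc(size)) == NULL) { *rc = E_NO_MEMORY; return NULL; }
    *rc = get(obj, buf, &size);
    if (*rc != OK) { free(buf); return NULL; }
    return buf;
}

int main(void) {
    int rc;
    char *dn = fetch_sized(getter_documented, NULL, &rc);
    printf("documented: rc=%d dn=%s\n", rc, dn ? dn : "(none)");
    free(dn);
    dn = fetch_sized(getter_reported, NULL, &rc);
    printf("reported:   rc=%d dn=%s\n", rc, dn ? dn : "(none)");
    free(dn);
    return 0;
}
```
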


