[gnutls-dev] unencrypted PKCS#12
joe at manyfish.co.uk
Sun Oct 24 17:46:28 CEST 2004
On Wed, Oct 20, 2004 at 12:12:03AM +0200, Aleix Conchillo Flaque wrote:
> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> > Do you use gnutls_pkcs12_bag_get_type()? In that function you must also
> > specify the index of the bag element to check. Certtool makes use of this
> > function and seems to work.
> Yes, I use that function which is where I get that the unencrypted
> certificate bag is encrypted.
I think this is right, Aleix: the bags really are encrypted, just using
a zero-length password string. I've adjusted the neon code to verify
the MAC manually in both cases and it passes the load_client_cert tests
with the GnuTLS HEAD at least.
More information about the Gnutls-devel