[gnutls-dev] unencrypted PKCS#12

Joe Orton joe at manyfish.co.uk
Wed Oct 27 09:04:37 CEST 2004


On Wed, Oct 27, 2004 at 08:07:22AM +0200, Nikos Mavrogiannopoulos wrote:
> On Tuesday 19 October 2004 00:21, Aleix Conchillo Flaque wrote:
> > Hi,
> >
> > I'm playing around opening some PKCS#12 files and I've found something
> > curious. When PKCS#12s are not encrypted:
> >
> > - gnutls_pkcs12_bag_decrypt(bag, "") works, but if I pass a NULL I get
> >   a segmentation fault.
> I think I fixed that. Now it should return an error.
> 
> > - gnutls_x509_privkey_import_pkcs8(key, &key_data, GNUTLS_X509_FMT_DER,
> >                                    NULL, 0)
> >   here if I pass an empty password "" instead of NULL I get an
> >   GNUTLS_E_MPI_SCAN_FAILED error (The scanning of a large integer has
> >   failed).
> This is not really a bug. You cannot use empty passwords. Use the flag 
> GNUTLS_PKCS_PLAIN or a NULL password instead, if you want to disable 
> encryption.

This has broken neon again!  The unclient.p12 certificate isn't readable
again now.  We had this working OK in neon with the old GNU TLS code.

joe




More information about the Gnutls-devel mailing list