gnuTLS issues

Simon Josefsson simon at josefsson.org
Mon Aug 25 14:02:48 CEST 2008


Christian Grothoff <christian at grothoff.org> writes:

> Hi Simon,
>
> I've just stumbled over a problem in the GNUtls codebase (dereferencing of 
> uninitialized pointer) and I cannot even figure out how the code was supposed 
> to work.  I've filed a report in *our* bugtracking system at:
>
> https://gnunet.org/mantis/view.php?id=1417
>
> I would appreciate any insight you may have to offer.

Hi Christian!

I agree the code looks broken.

Do you have, or can generate, a test-PKCS#7 blob that can be used to
test this code?  As far as I can see, GnuTLS's certtool cannot generate
a degenerate PKCS#7 blob with multiple certificates in it.  I can't seem
to see how to generate it using OpenSSL either.

Nikos, do you have any insight into this code?  The logic seems broken.
Finally, do you think anyone will ever need the functionality to load
certificates from a PKCS#7 blob?  It isn't working right now, and nobody
has complained (well, at least not until now), so maybe we could just
remove the code.

Christian, how did you find this problem?  Do you want to store
certificate lists in PKCS#7 blobs?

Thanks,
/Simon




