gnuTLS issues

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Aug 25 19:02:36 CEST 2008


Simon Josefsson wrote:
> Christian Grothoff <christian at grothoff.org> writes:
> 
>> Hi Simon,
>>
>> I've just stumbled over a problem in the GNUtls codebase (dereferencing of 
>> uninitialized pointer) and I cannot even figure out how the code was supposed 
>> to work.  I've filed a report in *our* bugtracking system at:
>>
>> https://gnunet.org/mantis/view.php?id=1417
>>
>> I would appreciate any insight you may have to offer.
> 
> Hi Christian!
> 
> I agree the code looks broken.
> 
> Do you have, or can generate, a test-PKCS#7 blob that can be used to
> test this code?  As far as I can see, GnuTLS's certtool cannot generate
> a degenerate PKCS#7 blob with multiple certificates in it.  I can't seem
> to see how to generate it using OpenSSL either.
> 
> Nikos, do you have any insight into this code?  The logic seems broken.
> Finally, do you think anyone will ever need the functionality to load
> certificates from a PKCS#7 blob?  It isn't working right now, and nobody
> has complained (well, at least not until now), so maybe we could just
> remove the code.

Please don't remove the code. It is perfectly correct. It seems at some
point the initialization of tmp was removed (or maybe was never committed
correctly?). Anyway I've corrected it and it can now parse pkcs7 structures.

I used openssl-0.9.7c/crypto/pkcs7/t/ff to test.

regards,
Nikos




