2.3.x regression in auth_cert.c:call_get_cert_callback
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sat Mar 29 11:08:46 CET 2008
Joe Orton wrote:
> The test case in the neon test suite for neon's PKCS#11 interface is
> broken with 2.3.4; it works with earlier versions (at least 2.3.0,
> haven't tested the version in between).
>
> In the test case, neon provides callbacks via both
>
> a) gnutls_certificate_client_set_retrieve_function and
> b) gnutls_sign_callback_set
>
> The callback for (a) finds a keypair via a configured PKCS#11 provider,
> and sets up st->cert.x509 et al as normal; st->key.x509 is set to NULL,
> since the callback for (b) is used to delegate the signing operation via
> PKCS#11.
>
> GnuTLS now fails if st->key.x509 is NULL; if I avoid that code path as
> below, it works again. Is this not the correct way to be using the
> interface? There is nothing much else that could be returned in
> key.x509 for this case, AFAICS.

You're right. I've reverted to the old behaviour.

regards,
Nikos