2.3.x regression in auth_cert.c:call_get_cert_callback

Joe Orton joe at manyfish.co.uk
Mon Mar 31 11:38:55 CEST 2008


On Sat, Mar 29, 2008 at 12:08:46PM +0200, Nikos Mavrogiannopoulos wrote:
> Joe Orton wrote:
>> GnuTLS now fails if st->key.x509 is NULL; if I avoid that code path as 
>> below, it works again.  Is this not the correct way to be using the 
>> interface?  There is nothing much else that could be returned in key.x509 
>> for this case, AFAICS.
>
> You're right. I've reverted to the old behaviour.

Thanks.  With this applied and the new DN functions in 2.3.x, the last 
of the neon regressions relative to OpenSSL are now fixed and for the 
first time I get a 100% pass rate with neon's SSL test suite.  And due 
to the external signing callback in GnuTLS, neon supports one major 
feature which is not supported with OpenSSL - PKCS#11.

So, nice work, guys :)

joe
-------------- next part --------------
make[1]: Entering directory `/local/neon/neon-gnutls/src'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/local/neon/neon-gnutls/src'
make[1]: Entering directory `/local/neon/neon-gnutls/test'
-> running `ssl':
 0. init.................. pass
 1. load_server_certs..... pass
 2. trust_default_ca...... pass
 3. cert_fingerprint...... pass
 4. cert_identities....... pass
 5. cert_validity......... pass
 6. cert_compare.......... pass
 7. dname_compare......... pass
 8. dname_readable........ pass
 9. import_export......... pass
10. read_write............ pass
11. load_client_cert...... WARNING: no friendly name given
    ...................... pass (with 1 warning)
12. simple................ pass
13. simple_sslv2.......... pass
14. simple_eof............ pass
15. empty_truncated_eof... pass
16. fail_not_ssl.......... pass
17. cache_cert............ pass
18. client_cert_pkcs12.... pass
19. ccert_unencrypted..... pass
20. client_cert_provided.. pass
21. cc_provided_dnames.... pass
22. parse_cert............ pass
23. parse_chain........... pass
24. no_verify............. pass
25. cache_verify.......... pass
26. wildcard_match........ pass
27. caseless_match........ pass
28. subject_altname....... pass
29. two_subject_altname... pass
30. two_subject_altname2.. pass
31. notdns_altname........ pass
32. ipaddr_altname........ pass
33. uri_altname........... pass
34. multi_commonName...... pass
35. commonName_first...... pass
36. fail_wrongCN.......... pass
37. fail_expired.......... pass
38. fail_notvalid......... pass
39. fail_untrusted_ca..... pass
40. fail_self_signed...... pass
41. fail_missing_CN....... pass
42. fail_host_ipaltname... pass
43. fail_bad_ipaltname.... pass
44. fail_bad_urialtname... pass
45. session_cache......... pass
46. fail_tunnel........... pass
47. proxy_tunnel.......... pass
48. auth_proxy_tunnel..... pass
49. auth_tunnel_creds..... pass
50. auth_tunnel_fail...... pass
51. nonssl_trust.......... pass
52. pkcs11................ pass
53. pkcs11_dsa............ server child failed: SSL accept failed: SSL error: The scanning of a large integer has failed.
xfail
<- summary for `ssl': of 54 tests run: 54 passed, 0 failed. 100.0%
-> 1 warning was issued.
make[1]: Leaving directory `/local/neon/neon-gnutls/test'

