[sr #108090] Unable to decode PKCS12 with NULL password since 3.0.20

Alexandre Chataignon INVALID.NOREPLY at gnu.org
Wed Jul 18 18:57:00 CEST 2012


URL:
  <http://savannah.gnu.org/support/?108090>

                 Summary: Unable to decode PKCS12 with NULL password since 3.0.20
                 Project: GnuTLS
            Submitted by: xouillet
            Submitted on: Wed 18 Jul 2012 04:56:59 PM GMT
                Category: Core library
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: None

    _______________________________________________________

Details:

Since gnutls 3.0.20, decoding of PKCS12 with a NULL password (NULL, not "") is
impossible.

For example, this line used to work in gnutls-3.0.19:

  ret = gnutls_certificate_set_x509_simple_pkcs12_file(xcred, pkcs12_f,
                                                       GNUTLS_X509_FMT_DER, NULL);

The problem comes from this line:

  lib/x509/privkey_pkcs8.c:1231:  if (password == NULL || (flags & GNUTLS_PKCS_PLAIN))

that used to be:

  lib/x509/privkey_pkcs8.c:1231:  if (flags & GNUTLS_PKCS_PLAIN)

A PKCS12 file with a NULL password can easily be generated via the OpenSSL
library, for example with this Python snippet:

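  from OpenSSL import crypto

  # Load the PEM-encoded private key and certificate (read as bytes).
  with open("mycert.key", "rb") as f:
      key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
  with open("mycert.crt", "rb") as f:
      cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())

  p12 = crypto.PKCS12()
  p12.set_certificate(cert)
  p12.set_privatekey(key)

  # export() is called without a passphrase; it returns bytes,
  # so the output file is opened in binary mode.
  with open("test.p12", "wb") as f:
      f.write(p12.export())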





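Why a NULL password cannot simply be treated as "" when decoding PKCS12: the RFC 7292 Appendix B.2 key derivation takes the password as a null-terminated BMPString, so "" contributes two zero bytes while NULL contributes none, and the derived keys differ. The following is an added example, not part of the original report and not GnuTLS code; the function names, salt and iteration count are constructed for illustration.

```python
import hashlib

def pkcs12_password_bytes(password):
    """None (NULL) -> no bytes; str -> UTF-16BE plus a 2-byte terminator."""
    if password is None:
        return b""
    return password.encode("utf-16-be") + b"\x00\x00"

def _fill(data, v):
    """Repeat data up to the next multiple of v bytes (empty stays empty)."""
    if not data:
        return b""
    size = v * ((len(data) + v - 1) // v)
    return (data * (size // len(data) + 1))[:size]

def pkcs12_kdf(password, salt, iterations, id_byte, n, hash_name="sha1"):
    """RFC 7292 Appendix B.2 derivation; id_byte 1 = key, 2 = IV, 3 = MAC."""
    h = hashlib.new(hash_name)
    u, v = h.digest_size, h.block_size
    d = bytes([id_byte]) * v
    i_buf = bytearray(_fill(salt, v) + _fill(pkcs12_password_bytes(password), v))
    out = b""
    while len(out) < n:
        a = d + bytes(i_buf)
        for _ in range(iterations):
            a = hashlib.new(hash_name, a).digest()
        out += a
        # B = A repeated to v bytes; every v-byte block of I becomes I_j + B + 1.
        b = int.from_bytes((a * (v // u + 1))[:v], "big") + 1
        for j in range(0, len(i_buf), v):
            blk = (int.from_bytes(i_buf[j:j + v], "big") + b) % (1 << (8 * v))
            i_buf[j:j + v] = blk.to_bytes(v, "big")
    return out[:n]

# Constructed sample parameters (not taken from any real file).
SALT = bytes.fromhex("0102030405060708")
ITERATIONS = 2048

def derive_3des_keys():
    """24-byte key material for a NULL password and for an empty string."""
    return (pkcs12_kdf(None, SALT, ITERATIONS, 1, 24),
            pkcs12_kdf("", SALT, ITERATIONS, 1, 24))

if __name__ == "__main__":
    null_key, empty_key = derive_3des_keys()
    print("NULL :", null_key.hex())
    print('""   :', empty_key.hex())
```

A decoder that has to accept files from either kind of producer needs to attempt the derivation with both encodings rather than mapping one onto the other.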