[gnutls-devel] Upgrade from 2.10.1 to 3.0.18 caused my external signing to stop working.

Bjørn H. Christensen BHC at insight.dk
Thu Mar 21 14:51:52 CET 2013

I know that the code has been deprecated, but I can see it is still there:

I am using  :



to use Certificates from the Microsoft Certificate Store.

I am using version 3.0.18 and in gnutls_sig.c in the function sign_tls_hash on line 228.

The use of pkey seems wrong.

Make sure that pkey is null.

Then pass null to gnutls_privkey_get_pk_algorithm, which again uses the pkey as a pointer, but if it is null it will fail.

     /* External signing. Deprecated. To be removed. */
      if (!pkey)
        {
          int ret;

          if (!session->internals.sign_func)
            return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);

          if (!_gnutls_version_has_selectable_sighash (ver))
            return (*session->internals.sign_func)
              (session, session->internals.sign_func_userdata,
               cert->type, &cert->cert, hash_concat, signature);
          else
            {
              gnutls_datum_t digest;

              ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
              if (ret < 0)
                return gnutls_assert_val(ret);

              ret = pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey, NULL), hash_algo, &digest);
              if (ret < 0)
                {
                  gnutls_assert ();
                  goto es_cleanup;
                }

              ret = (*session->internals.sign_func)
                (session, session->internals.sign_func_userdata,
                 cert->type, &cert->cert, &digest, signature);

              return ret;
            }
        }

I have seen the function gnutls_privkey_import_ext2.

Do you have examples of the function to pass?

