[gnutls-devel] Upgrade from 2.10.1 to 3.0.18 caused my external signing to stop working.
Bjørn H. Christensen
BHC at insight.dk
Thu Mar 21 14:51:52 CET 2013
I know that the code has been deprecated, but I can see it is still there:
I am using:
gnutls_certificate_client_set_retrieve_function
gnutls_sign_callback_set
to use Certificates from the Microsoft Certificate Store.
I am using version 3.0.18, and in gnutls_sig.c, in the function sign_tls_hash on line 228,
the use of pkey seems wrong.
Make sure that pkey is null.
Then pass null to gnutls_privkey_get_pk_algorithm, which again uses pkey as a pointer, but if it is null it will fail.
  /* External signing. Deprecated. To be removed. */
  if (!pkey)
    {
      int ret;
      if (!session->internals.sign_func)
        return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
      if (!_gnutls_version_has_selectable_sighash (ver))
        return (*session->internals.sign_func)
          (session, session->internals.sign_func_userdata,
           cert->type, &cert->cert, hash_concat, signature);
      else
        {
          gnutls_datum_t digest;
          ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
          if (ret < 0)
            return gnutls_assert_val(ret);
          ret = pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey, NULL), hash_algo, &digest);
          if (ret < 0)
            {
              gnutls_assert ();
              goto es_cleanup;
            }
          ret = (*session->internals.sign_func)
            (session, session->internals.sign_func_userdata,
             cert->type, &cert->cert, &digest, signature);
es_cleanup:
          gnutls_free(digest.data);
          return ret;
        }
    }
PS:
I have seen the function gnutls_privkey_import_ext2.
Do you have examples of the function to pass?
/bhc
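
The control flow described in the message above, as an added self-contained C model (not part of the original post and not GnuTLS code). Every type, function name and error code here is a hypothetical stand-in, and reading the algorithm from the certificate in the guarded variant is an assumption, not the project's fix.

```c
#include <stdio.h>
/* Hypothetical stand-ins for the GnuTLS types in the excerpt, not the real API. */
typedef enum { PK_UNKNOWN = 0, PK_RSA = 1 } pk_algo_t;
typedef struct { pk_algo_t pk; } privkey_st;      /* models gnutls_privkey_t */
typedef struct { pk_algo_t pubkey_pk; } cert_st;  /* models the selected certificate */
typedef int (*sign_func_t)(void *userdata, const cert_st *cert, pk_algo_t pk);
enum { E_NO_CREDENTIALS = -1, E_NO_PK_ALGO = -2 };  /* constructed error codes */

/* Model getter: reports a NULL key as an error so that the demo can run. */
static int privkey_get_pk(const privkey_st *key) { return key ? (int)key->pk : E_NO_PK_ALGO; }

/* Control flow of the posted excerpt: external signing runs only when pkey is NULL. */
int sign_hash_as_posted(const privkey_st *pkey, const cert_st *cert,
                        sign_func_t sign_func, void *userdata)
{
    if (pkey)
        return 0;                        /* internal-key path is not modelled */
    if (!sign_func)
        return E_NO_CREDENTIALS;
    int pk = privkey_get_pk(pkey);       /* pkey is always NULL at this point */
    if (pk < 0)
        return pk;                       /* the external signer is never reached */
    return sign_func(userdata, cert, (pk_algo_t)pk);
}

/* Guarded variant (assumption): read the algorithm from the certificate instead. */
int sign_external_guarded(const cert_st *cert, sign_func_t sign_func, void *userdata)
{
    if (!sign_func)
        return E_NO_CREDENTIALS;
    if (!cert || cert->pubkey_pk == PK_UNKNOWN)
        return E_NO_PK_ALGO;
    return sign_func(userdata, cert, cert->pubkey_pk);
}

/* Constructed external signer: records the algorithm it was asked to use. */
int record_signer(void *userdata, const cert_st *cert, pk_algo_t pk)
{
    *(pk_algo_t *)userdata = pk;
    return cert ? 0 : E_NO_PK_ALGO;
}

int main(void)
{
    cert_st cert = { PK_RSA };           /* constructed sample certificate */
    pk_algo_t seen = PK_UNKNOWN;
    printf("as posted: %d\n", sign_hash_as_posted(NULL, &cert, record_signer, &seen));
    printf("guarded:   %d\n", sign_external_guarded(&cert, record_signer, &seen));
    return 0;
}
```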