[gnutls-devel] Upgrade from 2.10.1 to 3.0.18 caused my external signing stop working.

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Mar 21 16:07:48 CET 2013

On Thu, Mar 21, 2013 at 2:51 PM, Bjørn H. Christensen <BHC at insight.dk> wrote:
> I know that the code has been deprecated, but I can see it is still there.
> I am using:
> gnutls_certificate_client_set_retrieve_function
> gnutls_sign_callback_set
> to use Certificates from the Microsoft Certificate Store.
> I am using version 3.0.18, and in gnutls_sig.c, in the function sign_tls_hash
> on line 228, the use of pkey seems wrong.

Nice catch. Note however, that this issue should only occur if you use
TLS 1.2. If you restrict to TLS 1.0 or 1.1 there should be no issues.

I will see whether there can be a hack to solve that, or just return
an error in case TLS 1.2 is mixed with the deprecated function.
To use gnutls_privkey_import_ext2() check lib/tpm.c.

