[gnutls-devel] Upgrade from 2.10.1 to 3.0.18 caused my external signing stop working.
Bjørn H. Christensen
BHC at insight.dk
Thu Mar 21 16:19:48 CET 2013
Hello Nikos,
Excluding TLS1.2 worked.
Checking the patch tomorrow, will let you know the result. I saw something similar somewhere else in the code.
/bhc
-----Original Message-----
From: n.mavrogiannopoulos at gmail.com [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
Sent: 21 March 2013 16:08
To: Bjørn H. Christensen
Cc: bugs at gnutls.org
Subject: Re: [gnutls-devel] Upgrade from 2.10.1 to 3.0.18 caused my external signing stop working.
On Thu, Mar 21, 2013 at 2:51 PM, Bjørn H. Christensen <BHC at insight.dk> wrote:
> I know that the code has been deprecated, but I can see it is still there:
> I am using:
> gnutls_certificate_client_set_retrieve_function
> gnutls_sign_callback_set
> to use Certificates from the Microsoft Certificate Store.
> I am using version 3.0.18 and in gnutls_sig.c in the function
> sign_tls_hash on line 228.
> The use of pkey seems wrong.
Nice catch. Note however, that this issue should only occur if you use TLS 1.2. If you restrict to TLS 1.0 or 1.1 there should be no issues.
I will see whether there can be a hack to solve that, or just return an error in case TLS 1.2 is mixed with the deprecated function.
To use gnutls_privkey_import_ext2() check lib/tpm.c.
regards,
Nikos