[gnutls-devel] GnuTLS 3.5.8 testsuite error against p11-kit GIT

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jan 23 08:55:21 CET 2017


On Sun, Jan 22, 2017 at 4:47 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> Hello,
>
> adding cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea,
> 726c08847c263af9c9fd8c74aea738612795dbb6 and
> a126365a49547da6b532210a886bb5d5fc531b77 to p11-kit 0.23.3 causes
> testsuite errors in gnutls 3.5.8:

Would reverting cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea address that?
My guess is that the moving of the pin-value to query component broke
the gnutls test suite. Although that's easily fixable, it may have
impact on existing setups, preventing an out-of-the-box upgrade of
p11-kit.

Checking the pkcs11uri draft's history it seems that the query
attributes came quite late in its definition and at least myself
didn't realize that until now. Maybe we should introduce a
compatibility for attributes like pin-value which have no security
repercussions like the ones mentioned in the commit message.
https://tools.ietf.org/rfcdiff?url2=draft-pechanec-pkcs11uri-13.txt

regards,
Nikos



More information about the Gnutls-devel mailing list