[gnutls-devel] GnuTLS | cockpit-certificate-ensure: ../../../lib/x509/common.c:1756: _gnutls_sort_clist: Assertion `k == clist_size' failed. (#1521)

[Read-only notification of GnuTLS library development activities]

Jean-Luc Duprat commented: https://gitlab.com/gnutls/gnutls/-/issues/1521#note_1715238476

The two attached files demonstrate the problem.  They were custom created to repro this issue, no concerns with the key being posted here.

On Fedora 39, if dropped in /etc/cockpit/ws-certs.d/
when the following command is run
`$ sudo /usr/libexec/cockpit-certificate-ensure --check`
```
cockpit-certificate-ensure: ../../../lib/x509/common.c:1756: _gnutls_sort_clist: Assertion `k == clist_size' failed.
Aborted
```
[foo.crt](/uploads/9ee814f28f5a5a10e977eec8ae72e2e8/foo.crt)

[foo.key](/uploads/a5b6023c849813bd01860ff9eb37d9f6/foo.key)

The chain described above is contained in foo.crt and should help answer your questions and repro the issue.

I am not sure of the API calls that cockpit-certificate-ensure is making, however they are likely over here:
[https://github.com/cockpit-project/cockpit/blob/main/src/tls/cockpit-certificate-ensure.c](https://github.com/cockpit-project/cockpit/blob/main/src/tls/cockpit-certificate-ensure.c)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1521#note_1715238476
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240105/be843ff4/attachment.html>