<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<div></div>

<h2 dir="auto">

<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>

<p dir="auto">Files that don't encrypt the key or certificate, and that don't include MAC (HMAC) in the PKCS#12 files cause errors to be emitted by <code>certtool</code></p>

<h2 dir="auto">

<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>

<p dir="auto">gnutls-3.6.5-1.el8.x86_64</p>

<h2 dir="auto">

<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto">RHEL</p>

<h2 dir="auto">

<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>

<p dir="auto">always</p>

<ul dir="auto">

<li>download <a href="https://github.com/redhat-qe-security/keyfile-corpus" rel="nofollow noreferrer noopener" target="_blank">https://github.com/redhat-qe-security/keyfile-corpus</a>

</li>

<li>run <code>certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/ecdsa(P-256,sha256),cert(none),key(none).p12' --password ''</code>

</li>

</ul>

<h2 dir="auto">

<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">BAG #0</span>

<span id="LC2" class="line" lang="plaintext">       Elements: 1</span>

<span id="LC3" class="line" lang="plaintext">       Type: Certificate</span>

<span id="LC4" class="line" lang="plaintext">       Friendly name: localhost</span>

<span id="LC5" class="line" lang="plaintext">       Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D</span>

<span id="LC6" class="line" lang="plaintext">-----BEGIN CERTIFICATE-----</span>

<span id="LC7" class="line" lang="plaintext">MIIBbjCCARWgAwIBAgIJAI/IbTxv+I9jMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM</span>

<span id="LC8" class="line" lang="plaintext">CWxvY2FsaG9zdDAeFw0xNzAzMTcxODEyMDFaFw0xNzA0MTYxODEyMDFaMBQxEjAQ</span>

<span id="LC9" class="line" lang="plaintext">BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCMknyAq</span>

<span id="LC10" class="line" lang="plaintext">nA+3aK3ZOZniUoMdXw2FS32ntx/z5lyNHR/uDccJWqf+pvRrh3KIJ/rBH1senRgZ</span>

<span id="LC11" class="line" lang="plaintext">rxBFNLiSy4jFl6GjUDBOMB0GA1UdDgQWBBRA0Rev/Y1Sim7zT+43/pscgrYNmDAf</span>

<span id="LC12" class="line" lang="plaintext">BgNVHSMEGDAWgBRA0Rev/Y1Sim7zT+43/pscgrYNmDAMBgNVHRMEBTADAQH/MAoG</span>

<span id="LC13" class="line" lang="plaintext">CCqGSM49BAMCA0cAMEQCIHjCu1sp0hot0cJYRfl3/PrFY5cmvIacmhaNydbCCDIE</span>

<span id="LC14" class="line" lang="plaintext">AiBa+Og0kq9JmSQzGgeTmzCOdU/PTSNZ9d8KWE70AgDu1A==</span>

<span id="LC15" class="line" lang="plaintext">-----END CERTIFICATE-----</span>

<span id="LC16" class="line" lang="plaintext"></span>

<span id="LC17" class="line" lang="plaintext">BAG #1</span>

<span id="LC18" class="line" lang="plaintext">      Elements: 1</span>

<span id="LC19" class="line" lang="plaintext">      Type: PKCS #8 Key</span>

<span id="LC20" class="line" lang="plaintext">      Friendly name: localhost</span>

<span id="LC21" class="line" lang="plaintext">      Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D</span>

<span id="LC22" class="line" lang="plaintext">-----BEGIN PRIVATE KEY-----</span>

<span id="LC23" class="line" lang="plaintext">MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQRBA0do9FYtTDVeJ</span>

<span id="LC24" class="line" lang="plaintext">+jra/OoPyOwUMxm4AfTWUyI/BrKhRANCAAQjJJ8gKpwPt2it2TmZ4lKDHV8NhUt9</span>

<span id="LC25" class="line" lang="plaintext">p7cf8+ZcjR0f7g3HCVqn/qb0a4dyiCf6wR9bHp0YGa8QRTS4ksuIxZeh</span>

<span id="LC26" class="line" lang="plaintext">-----END PRIVATE KEY-----</span>

<span id="LC27" class="line" lang="plaintext">verify_mac: ASN1 parser: Element was not found.</span>

<span id="LC28" class="line" lang="plaintext">There were errors parsing the structure</span></code></pre>

<h2 dir="auto">

<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>

<p dir="auto">no errors printed</p>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/722">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/0d14c1c215584ffd5d9c4629b1fba0c8/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/722"}}</script>

</p>

</div>

</body>

</html>