<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>
<p dir="auto">Files that don't encrypt the key or certificate, and that don't include MAC (HMAC) in the PKCS#12 files cause errors to be emitted by <code>certtool</code></p>
<h2 dir="auto">
<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>
<p dir="auto">gnutls-3.6.5-1.el8.x86_64</p>
<h2 dir="auto">
<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>
<p dir="auto">RHEL</p>
<h2 dir="auto">
<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>
<p dir="auto">always</p>
<ul dir="auto">
<li>download <a href="https://github.com/redhat-qe-security/keyfile-corpus" rel="nofollow noreferrer noopener" target="_blank">https://github.com/redhat-qe-security/keyfile-corpus</a>
</li>
<li>run <code>certtool --p12-info --inder --infile 'keyfile-corpus-keyfiles-0.1.3/ecdsa(P-256,sha256),cert(none),key(none).p12' --password ''</code>
</li>
</ul>
<h2 dir="auto">
<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">BAG #0</span>
<span id="LC2" class="line" lang="plaintext">       Elements: 1</span>
<span id="LC3" class="line" lang="plaintext">       Type: Certificate</span>
<span id="LC4" class="line" lang="plaintext">       Friendly name: localhost</span>
<span id="LC5" class="line" lang="plaintext">       Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D</span>
<span id="LC6" class="line" lang="plaintext">-----BEGIN CERTIFICATE-----</span>
<span id="LC7" class="line" lang="plaintext">MIIBbjCCARWgAwIBAgIJAI/IbTxv+I9jMAoGCCqGSM49BAMCMBQxEjAQBgNVBAMM</span>
<span id="LC8" class="line" lang="plaintext">CWxvY2FsaG9zdDAeFw0xNzAzMTcxODEyMDFaFw0xNzA0MTYxODEyMDFaMBQxEjAQ</span>
<span id="LC9" class="line" lang="plaintext">BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCMknyAq</span>
<span id="LC10" class="line" lang="plaintext">nA+3aK3ZOZniUoMdXw2FS32ntx/z5lyNHR/uDccJWqf+pvRrh3KIJ/rBH1senRgZ</span>
<span id="LC11" class="line" lang="plaintext">rxBFNLiSy4jFl6GjUDBOMB0GA1UdDgQWBBRA0Rev/Y1Sim7zT+43/pscgrYNmDAf</span>
<span id="LC12" class="line" lang="plaintext">BgNVHSMEGDAWgBRA0Rev/Y1Sim7zT+43/pscgrYNmDAMBgNVHRMEBTADAQH/MAoG</span>
<span id="LC13" class="line" lang="plaintext">CCqGSM49BAMCA0cAMEQCIHjCu1sp0hot0cJYRfl3/PrFY5cmvIacmhaNydbCCDIE</span>
<span id="LC14" class="line" lang="plaintext">AiBa+Og0kq9JmSQzGgeTmzCOdU/PTSNZ9d8KWE70AgDu1A==</span>
<span id="LC15" class="line" lang="plaintext">-----END CERTIFICATE-----</span>
<span id="LC16" class="line" lang="plaintext"></span>
<span id="LC17" class="line" lang="plaintext">BAG #1</span>
<span id="LC18" class="line" lang="plaintext">      Elements: 1</span>
<span id="LC19" class="line" lang="plaintext">      Type: PKCS #8 Key</span>
<span id="LC20" class="line" lang="plaintext">      Friendly name: localhost</span>
<span id="LC21" class="line" lang="plaintext">      Key ID: EC:0D:39:91:6E:0F:CF:32:01:C6:A8:B5:18:37:C2:C9:C0:BA:E2:8D</span>
<span id="LC22" class="line" lang="plaintext">-----BEGIN PRIVATE KEY-----</span>
<span id="LC23" class="line" lang="plaintext">MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgQRBA0do9FYtTDVeJ</span>
<span id="LC24" class="line" lang="plaintext">+jra/OoPyOwUMxm4AfTWUyI/BrKhRANCAAQjJJ8gKpwPt2it2TmZ4lKDHV8NhUt9</span>
<span id="LC25" class="line" lang="plaintext">p7cf8+ZcjR0f7g3HCVqn/qb0a4dyiCf6wR9bHp0YGa8QRTS4ksuIxZeh</span>
<span id="LC26" class="line" lang="plaintext">-----END PRIVATE KEY-----</span>
<span id="LC27" class="line" lang="plaintext">verify_mac: ASN1 parser: Element was not found.</span>
<span id="LC28" class="line" lang="plaintext">There were errors parsing the structure</span></code></pre>
<h2 dir="auto">
<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>
<p dir="auto">no errors printed</p>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/722">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/0d14c1c215584ffd5d9c4629b1fba0c8/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/722"}}</script>
</p>
</div>
</body>
</html>