[Help-gnutls] Re: Failure to import an OpenPGP private key

Ludovic Courtès ludovic.courtes at laas.fr
Mon Jan 15 11:25:31 CET 2007


Hi,

Simon Josefsson <simon at josefsson.org> writes:

> Installed in CVS now.  Could you suggest the patch to fix your
> original problem, using this new scheme?

Thanks for doing it!  Attached is the updated patch.

> I just realized a thing: I'm not sure we are really breaking the
> API/ABI here though.  No public API/ABI is modified, only internal
> _gnutls_* APIs.  The same holds for your first patch.

Indeed, no _public_ ABI/API is modified.  That said, the ABI _is_
modified: one cannot use an older `libgnutls-extra' with a newer
`libgnutls' (or vice versa).  But that would have been an issue only if
one had been allowed to use different versions of `libgnutls-extra' and
`libgnutls' together.

> Changing
> _gnutls_* APIs without bumping the shared library version should be
> ok, right?  gnutls-extra should be the only user of those _gnutls*
> symbols, and libgnutls-extra is only ever guaranteed to work with the
> same version of libgnutls (and gnutls_global_init_extra already checks
> this).

Ok, so there's no problem.  ;-)

Changing the SO version should be ok.

> Anyway, I think the installed patch is cleaner.  For one, it removed
> including GPL'd gnutls-extra header files in the LGPL'd libgnutls,
> which seems like a good step.  There are still some variables which
> are used between gnutls and gnutls-extra, but I'll see if they cause
> any real problems (e.g., on mingw32) before working on moving those to
> a function-based API.

Good.

In my original message [0], I had in mind something that would implement
a slightly higher abstraction level over certificate types, such that no
X509/OpenPGP-specific code and no `switch (certtype)' need to appear in
`auth_cert.c' et al.  For instance, we'd move the
`proc_{x509,openpgp}_server_certificate ()' functions to specific files,
and instead just call
`_gnutls_cert_vtable[certtype].process_server_certificate ()', and so on.

But maybe it's a bit cosmetic.

Thanks,
Ludovic.

[0] http://lists.gnu.org/archive/html/help-gnutls/2007-01/msg00008.html


ChangeLog entry:

	* lib/gnutls_cert.c (_gnutls_raw_privkey_to_gkey): Pass KEY_ENC to
	`_E_gnutls_openpgp_raw_privkey_to_gkey ()'.

	* lib/gnutls_extra_hooks.h
	(_gnutls_openpgp_raw_privkey_to_gkey_func): Added a
	`gnutls_openpgp_key_fmt_t' argument.

	* libextra/gnutls_openpgp.c
	(_gnutls_openpgp_raw_privkey_to_gkey): Take a new FORMAT
	argument.  When FORMAT is `BASE64', set the armor flag on OUT.
	(gnutls_certificate_set_openpgp_key_mem): Pass
	`GNUTLS_OPENPGP_FMT_RAW' as the last argument to
	`_gnutls_openpgp_raw_privkey_to_gkey ()'.

	* libextra/openpgp/gnutls_openpgp.h
	(_gnutls_openpgp_raw_privkey_to_gkey): Updated accordingly.

	* libextra/openpgp/privkey.c (gnutls_openpgp_privkey_import):
	Pass FORMAT to `_gnutls_openpgp_raw_privkey_to_gkey ()'.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ,,armored-priv-key-2.diff
Type: text/x-diff
Size: 3623 bytes
Desc: The updated patch.
URL: </pipermail/attachments/20070115/0cd10b86/attachment.diff>
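
The per-certificate-type dispatch table suggested in the message above, sketched as an added example; it is not part of the original post, the attached patch, or GnuTLS. All type names, error codes and parser stand-ins are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical certificate types and error codes (not GnuTLS's enums). */
typedef enum { CERT_X509 = 0, CERT_OPENPGP = 1, CERT_TYPE_COUNT } cert_type_t;
enum { ERR_OK = 0, ERR_UNSUPPORTED_TYPE = -1, ERR_BAD_CERT = -2 };

/* One entry per certificate type; generic code only sees this interface. */
typedef struct {
  const char *name;
  int (*process_server_certificate) (const unsigned char *data, size_t len);
} cert_vtable_entry_t;

/* Stand-ins for the type-specific parsers that would live in their own
   files.  Constructed checks: X.509 DER starts with SEQUENCE (0x30); an
   OpenPGP packet header has bit 7 set. */
static int proc_x509 (const unsigned char *d, size_t n)
{ return (n > 0 && d[0] == 0x30) ? ERR_OK : ERR_BAD_CERT; }

static int proc_openpgp (const unsigned char *d, size_t n)
{ return (n > 0 && (d[0] & 0x80)) ? ERR_OK : ERR_BAD_CERT; }

static const cert_vtable_entry_t cert_vtable[CERT_TYPE_COUNT] = {
  [CERT_X509]    = { "X.509",   proc_x509 },
  [CERT_OPENPGP] = { "OpenPGP", proc_openpgp },
};

/* Generic entry point: no switch on the type, but the index is validated
   first because the negotiated type ultimately comes from the peer. */
int process_server_certificate (int certtype, const unsigned char *data,
                                size_t len)
{
  if (certtype < 0 || certtype >= CERT_TYPE_COUNT
      || cert_vtable[certtype].process_server_certificate == NULL)
    return ERR_UNSUPPORTED_TYPE;
  return cert_vtable[certtype].process_server_certificate (data, len);
}

int main (void)
{
  const unsigned char der[] = { 0x30, 0x82 };   /* constructed sample */
  const unsigned char pgp[] = { 0x99, 0x01 };   /* constructed sample */
  printf ("%d %d %d\n",
          process_server_certificate (CERT_X509, der, sizeof der),
          process_server_certificate (CERT_OPENPGP, pgp, sizeof pgp),
          process_server_certificate (7, der, sizeof der));
  return 0;
}
```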
