Change in gnutls_certificate_set_x509_key() API from 2.10 to 2.12

Nikos Mavrogiannopoulos nmav at
Sun Nov 20 08:55:28 CET 2011

On 11/20/2011 04:38 AM, Sam Varshavchik wrote:
> I updated from gnutls 2.10 to 2.12 (Fedora 15 to 16). I'm seeing memory
> corruption after recompiling my gnutls client apps. I think I figured
> out why, and I want to make sure that my understanding is correct.
> Looking at gnutls 2.10 source, gnutls_certificate_set_x509_key() calls
> an internal function, _gnutls_x509_privkey_to_gkey() to essentially make
> a copy of the contents of the gnutls_x509_privkey_t parameter. So, in
> 2.10, the caller to gnutls_certificate_set_x509_key() maintains
> exclusive ownership of the gnutls_x509_privkey_t. The caller can destroy
> the gnutls_x509_privkey_t as soon as gnutls_certificate_set_x509_key()
> returns, without affecting the credentials object. That's what I am doing.
> In gnutls 2.12, gnutls_certificate_set_x509_key() is completely
> different. It looks to me like in 2.12, the
> gnutls_certificate_credentials_t object saves a pointer to the
> gnutls_x509_privkey_t structure, essentially, so it /cannot/ be
> destroyed, and must remain in existence as long as
> gnutls_certificate_credentials_t exists, correct? I was destroying
> gnutls_x509_privkey_t immediately after
> gnutls_certificate_set_x509_key(), I no longer needed it. This works in
> 2.10, but doesn't appear to work in 2.12.

Have you checked 2.12.10+? At that version the behavior of
gnutls_certificate_set_x509_key() was made consistent with 2.10.x.


More information about the Gnutls-help mailing list