[sr #108090] Unable to decode PKCS12 with NULL password since 3.0.20
From: Alexandre Chataignon
Subject: [sr #108090] Unable to decode PKCS12 with NULL password since 3.0.20
Date: Wed, 18 Jul 2012 16:57:00 +0000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:13.0) Gecko/20100101 Firefox/13.0.1

URL: <http://savannah.gnu.org/support/?108090>
Summary: Unable to decode PKCS12 with NULL password since 3.0.20
Project: GnuTLS
Submitted by: xouillet
Submitted on: Wed 18 Jul 2012 04:56:59 PM GMT
Category: Core library
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
Since gnutls 3.0.20, decoding of PKCS12 with a NULL password (NULL, not "") is
impossible.

For example, this line used to work in gnutls-3.0.19:

    ret = gnutls_certificate_set_x509_simple_pkcs12_file(xcred, pkcs12_f,
                                                         GNUTLS_X509_FMT_DER, NULL);

The problem comes from the line:

    lib/x509/privkey_pkcs8.c:1231: if (password == NULL || (flags & GNUTLS_PKCS_PLAIN))

that used to be

    lib/x509/privkey_pkcs8.c:1231: if (flags & GNUTLS_PKCS_PLAIN)

A PKCS12 file with a NULL password can easily be generated via the OpenSSL
library, for example with this Python snippet:

    from OpenSSL import crypto

    # Load an existing PEM private key and certificate
    key = crypto.load_privatekey(crypto.FILETYPE_PEM,
                                 open("mycert.key").read())
    cert = crypto.load_certificate(crypto.FILETYPE_PEM,
                                   open("mycert.crt").read())

    p12 = crypto.PKCS12()
    p12.set_certificate(cert)
    p12.set_privatekey(key)

    # export() is called without a passphrase; the result is binary DER,
    # so the file is opened in binary mode
    open("test.p12", 'wb').write(p12.export())
_______________________________________________________
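Added example, not part of the original report and not GnuTLS or OpenSSL code: why NULL and "" are different PKCS#12 passwords. It implements the RFC 7292 Appendix B.2 key derivation, in which the password is a BMPString with a two-byte terminator, so "" feeds two zero bytes into the derivation while a NULL password (as OpenSSL handles it) feeds none. The salt, iteration count and the helper names are constructed for illustration.

```python
import hashlib

SALT = bytes.fromhex("0102030405060708")  # constructed sample salt
ITERATIONS = 2048                         # constructed sample iteration count
ID_KEY, ID_IV, ID_MAC = 1, 2, 3           # "ID" byte values from RFC 7292 B.3

def bmp_password(password):
    """None (NULL) -> no bytes; str -> UTF-16BE plus the 2-byte terminator."""
    if password is None:
        return b""
    return password.encode("utf-16-be") + b"\x00\x00"

def _fill(data, v):
    """Repeat data up to the next multiple of v bytes (empty stays empty)."""
    if not data:
        return b""
    n = v * ((len(data) + v - 1) // v)
    return (data * (n // len(data) + 1))[:n]

def pkcs12_kdf(password, salt, iterations, id_byte, n, hash_name="sha1"):
    """RFC 7292 Appendix B.2 derivation of n bytes of key material."""
    h = hashlib.new(hash_name)
    u, v = h.digest_size, h.block_size
    D = bytes([id_byte]) * v
    I = bytearray(_fill(salt, v) + _fill(bmp_password(password), v))
    out = b""
    while len(out) < n:
        A = hashlib.new(hash_name, D + bytes(I)).digest()
        for _ in range(iterations - 1):
            A = hashlib.new(hash_name, A).digest()
        out += A
        # I_j = (I_j + B + 1) mod 2^(8v) for every v-byte block of I
        B = int.from_bytes(_fill(A, v), "big") + 1
        for j in range(0, len(I), v):
            block = (int.from_bytes(I[j:j + v], "big") + B) % (1 << (8 * v))
            I[j:j + v] = block.to_bytes(v, "big")
    return out[:n]

def mac_key(password):
    """20-byte HMAC-SHA1 integrity key for the constructed salt above."""
    return pkcs12_kdf(password, SALT, ITERATIONS, ID_MAC, 20)

if __name__ == "__main__":
    for label, pw in (("NULL", None), ('""', "")):
        print(label, bmp_password(pw).hex() or "(no bytes)", mac_key(pw).hex())
```

Because the two derived keys differ, a file written with a NULL password fails its MAC check when opened with "", and vice versa, so a caller has to pass exactly the form the file was created with.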