
List:       gnutls-dev
Subject:    Re: Authenticating with OpenPGP certificates with primary keys marked S2K_GNU_EXT fails
From:       Nikos Mavrogiannopoulos <nmav () gnutls ! org>
Date:       2012-01-30 21:07:17
Message-ID: 4F270685.8080707 () gnutls ! org

On 01/30/2012 06:31 AM, Sean Buckheister wrote:

> Hello,
> 
> today I stumbled across a (from my point of view) major problem with
> OpenPGP certificate handling: it doesn't work when a certificate has no
> private keying material in its primary key.
> 
> Apparently, the ability to read such keys was added to the library in
> late 2008 [0], but only the loader was touched. Loading such a key fails
> when used for TLS authentication, even when there is at least one
> unencrypted, active subkey with Sign/Authenticate capabilities.
[...]
> This finally fails, reading the S2K. Somehow the packet gets shortened
> by two bytes during export. This is due to the exporter not knowing
> about S2K_GNU_EXT; telling it how long one of those S2Ks is fixes the
> problem nicely. A patch that does this (three lines in total, but about
> a day's worth of digging through code) is attached.


Thank you! The patch has been applied.


Nikos

_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/gnutls-devel
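
An added illustration of the length bookkeeping discussed in this thread (not part of the original messages and not the GnuTLS patch): a length calculation for OpenPGP S2K specifiers that covers the GNU extension type, plus a round-trip check that catches a shortened export. The byte layouts are assumptions taken from RFC 4880 section 3.7.1 and the GNU S2K extension notes in GnuPG's doc/DETAILS; the function names and sample bytes are constructed for this example.

```python
# Added example, not GnuTLS code. Layouts assumed from RFC 4880 section 3.7.1
# and the GNU S2K extension described in GnuPG's doc/DETAILS.
S2K_SIMPLE, S2K_SALTED, S2K_ITERSALTED, S2K_GNU_EXT = 0, 1, 3, 101
FIXED_LEN = {S2K_SIMPLE: 2, S2K_SALTED: 10, S2K_ITERSALTED: 11}
GNU_DUMMY, GNU_DIVERT_TO_CARD = 1, 2


def s2k_specifier_len(buf: bytes) -> int:
    """Return the number of octets the S2K specifier at the start of buf occupies."""
    if len(buf) < 2:
        raise ValueError("truncated S2K specifier")
    s2k_type = buf[0]  # buf[1] is the hash algorithm id
    if s2k_type in FIXED_LEN:
        need = FIXED_LEN[s2k_type]
    elif s2k_type == S2K_GNU_EXT:
        # type, hash, the literal "GNU", then one protection-mode octet
        if len(buf) < 6 or buf[2:5] != b"GNU":
            raise ValueError("malformed GNU S2K extension")
        need = 6
        if buf[5] == GNU_DIVERT_TO_CARD:
            if len(buf) < 7:
                raise ValueError("truncated card serial length")
            need += 1 + buf[6]  # length octet plus the card serial number
        elif buf[5] != GNU_DUMMY:
            raise ValueError(f"unknown GNU protection mode {buf[5]}")
    else:
        raise ValueError(f"unknown S2K type {s2k_type}")
    if len(buf) < need:
        raise ValueError("truncated S2K specifier")
    return need


def same_specifier_len(original: bytes, exported: bytes) -> bool:
    """True when the exported specifier parses to the same length as the original."""
    try:
        return s2k_specifier_len(original) == s2k_specifier_len(exported)
    except ValueError:
        return False


# Constructed sample specifiers (not taken from a real key).
GNU_DUMMY_S2K = bytes([S2K_GNU_EXT, 2]) + b"GNU" + bytes([GNU_DUMMY])
CARD_S2K = (bytes([S2K_GNU_EXT, 2]) + b"GNU"
            + bytes([GNU_DIVERT_TO_CARD, 4]) + b"\x01\x02\x03\x04")
ITERSALTED_S2K = bytes([S2K_ITERSALTED, 2]) + bytes(8) + bytes([96])

if __name__ == "__main__":
    for name, s2k in [("gnu-dummy", GNU_DUMMY_S2K), ("card", CARD_S2K)]:
        print(name, s2k_specifier_len(s2k))
    # A specifier that lost two octets on export no longer round-trips.
    print(same_specifier_len(GNU_DUMMY_S2K, GNU_DUMMY_S2K[:-2]))
```

Running a check like `same_specifier_len` over a key before and after export is a cheap regression test for serializers that size packets from a per-type length table.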