This issue (Debian bug 480041) is almost certainly a neon bug.

I can reproduce the error with a PKCS#12 cert with an embedded CA cert; 
if anybody else seeing this problem can confirm it's fixed with the 
patch below, that would be great.

Regards, Joe

Index: src/ne_gnutls.c
===================================================================
--- src/ne_gnutls.c     (revision 1588)
+++ src/ne_gnutls.c     (working copy)
@@ -974,6 +974,10 @@
             switch (type) {
             case GNUTLS_BAG_PKCS8_KEY:
             case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+                /* Ignore any but the first key encountered; really
+                 * need to match up keyids. */
+                if (*pkey) break;
+
                 gnutls_x509_privkey_init(pkey);
 
                 ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
@@ -986,6 +990,10 @@
                 if (ret < 0) continue;
                 break;
             case GNUTLS_BAG_CERTIFICATE:
+                /* Ignore any but the first cert encountered; again,
+                 * really need to match up keyids. */
+                if (*x5) break;
+
                 gnutls_x509_crt_init(x5);
 
                 ret = gnutls_pkcs12_bag_get_data(bag, j, &data);



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to