load_keys: work around GnuTLS 3.7.3 regression

GnuTLS 3.7.3 introduces a backwards incompatible change and
GNUTLS_E_PKCS11_PIN_ERROR is returned when an encrypted
file is loaded.

Reported at https://gitlab.com/gnutls/gnutls/-/issues/1321

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos
2022-02-10 16:01:29 +01:00
parent 94af87c7a2
commit c1030512a7


@@ -834,7 +834,10 @@ static int load_keys(sec_mod_st *sec, unsigned force)
gnutls_privkey_import_x509_raw(p, &data,
GNUTLS_X509_FMT_PEM,
NULL, 0);
if (ret == GNUTLS_E_DECRYPTION_FAILED && vhost->pins.pin[0]) {
/* GnuTLS 3.7.3 introduces a backwards incompatible change and
* GNUTLS_E_PKCS11_PIN_ERROR is returned when an encrypted
* file is loaded https://gitlab.com/gnutls/gnutls/-/issues/1321 */
if ((ret == GNUTLS_E_DECRYPTION_FAILED || ret == GNUTLS_E_PKCS11_PIN_ERROR) && vhost->pins.pin[0]) {
ret =
gnutls_privkey_import_x509_raw(p, &data,
GNUTLS_X509_FMT_PEM,
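Review bot: The new comment above the widened condition does not say that `GNUTLS_E_PKCS11_PIN_ERROR` here comes from an encrypted PEM file rather than from a PKCS#11 token, nor when the extra case can be dropped. I would add a sentence such as `* No token is involved here; remove this case once the minimum supported GnuTLS contains the fix for issue 1321. */` so the PIN retry is not mistaken for token handling later. The condition line is also much longer than the surrounding code and would read better broken after the `||` clause, e.g. `if ((ret == GNUTLS_E_DECRYPTION_FAILED ||` / `ret == GNUTLS_E_PKCS11_PIN_ERROR) && vhost->pins.pin[0]) {`. The retry call and the rest of the `if` body continue outside the hunk, so I could not check how a failed second import is reported.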