Quantcast

[gnutls-devel] GnuTLS 3.5.8 testsuite error against p11-kit GIT

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[gnutls-devel] GnuTLS 3.5.8 testsuite error against p11-kit GIT

Andreas Metzler-3
Hello,

adding cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea,
726c08847c263af9c9fd8c74aea738612795dbb6 and
a126365a49547da6b532210a886bb5d5fc531b77 to p11-kit 0.23.3 causes
testsuite errors in gnutls 3.5.8:

8X----------------------------------------------------------------
PASS: pkcs11/pkcs11-privkey
FAIL: pkcs11/pkcs11-pubkey-import-rsa
FAIL: pkcs11/pkcs11-pubkey-import-ecdsa
PASS: pkcs11-import-url-privkey
PASS: pkcs11-privkey-fork
FAIL: pkcs11/pkcs11-ec-privkey-test
PASS: pkcs11-privkey-always-auth
[...]
FAIL: pkcs11/pkcs11-pubkey-import-rsa
=====================================

Testing RSA key
The token has been initialized.
error in 185: The requested PKCS #11 object is not available
FAIL pkcs11/pkcs11-pubkey-import-rsa (exit status: 1)

FAIL: pkcs11/pkcs11-pubkey-import-ecdsa
=======================================

Testing ECDSA key
The token has been initialized.
error in 185: The requested PKCS #11 object is not available
FAIL pkcs11/pkcs11-pubkey-import-ecdsa (exit status: 1)

FAIL: pkcs11/pkcs11-ec-privkey-test
===================================

The token has been initialized.
error in 191: The requested PKCS #11 object is not available
FAIL pkcs11/pkcs11-ec-privkey-test (exit status: 1)
8X----------------------------------------------------------------

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [gnutls-devel] GnuTLS 3.5.8 testsuite error against p11-kit GIT

Nikos Mavrogiannopoulos
On Sun, Jan 22, 2017 at 4:47 PM, Andreas Metzler <[hidden email]> wrote:
> Hello,
>
> adding cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea,
> 726c08847c263af9c9fd8c74aea738612795dbb6 and
> a126365a49547da6b532210a886bb5d5fc531b77 to p11-kit 0.23.3 causes
> testsuite errors in gnutls 3.5.8:

Would reverting cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea address that?
My guess is that the moving of the pin-value to query component broke
the gnutls test suite. Although that's easily fixable, it may have
impact on existing setups, preventing an out-of-the-box upgrade of
p11-kit.

Checking the pkcs11uri draft's history it seems that the query
attributes came quite late in its definition and at least myself
didn't realize that until now. Maybe we should introduce a
compatibility for attributes like pin-value which have no security
repercussions like the ones mentioned in the commit message.
https://tools.ietf.org/rfcdiff?url2=draft-pechanec-pkcs11uri-13.txt

regards,
Nikos

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Loading...