(ITS#6053) gnutls doesn't initialize gnutls_x509_privkey_t structure, leading to TLS init def ctx failed: -50

Full_Name: John Morrissey
Version: 2.4.16
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:4978:194:0:21f:5bff:fee9:da92)

tlsg_ctx_init() doesn't initialize the gnutls_x509_privkey_t structure before
passing it to gnutls_x509_privkey_import. This yields:

main: TLS init def ctx failed: -50

on slapd startup. gnutls error -50 is GNUTLS_E_INVALID_REQUEST. Initializing the
structure with gnutls_x509_privkey_init() allows slapd startup to succeed.

[jwm@coral.lab.isis:pts/1 ~> dpkg -l libgnutls26
ii  libgnutls26    2.6.4-2        the GNU TLS library - runtime library

--- openldap-2.4.16.orig/libraries/libldap/tls_g.c
+++ openldap-2.4.16/libraries/libldap/tls_g.c
@@ -354,6 +354,9 @@
                gnutls_x509_crt_t certs[VERIFY_DEPTH];
                unsigned int max = VERIFY_DEPTH;
+               rc = gnutls_x509_privkey_init(&key);
+               if ( rc < 0 ) return -1;
                /* OpenSSL builds the cert chain for us, but GnuTLS
                 * expects it to be present in the certfile. If it's
                 * not, we have to build it ourselves. So we have to
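Review bot: The added early return `if ( rc < 0 ) return -1;` throws away the GnuTLS error code held in rc. The -50 in the startup log is what made this bug diagnosable, so returning rc, or logging it before returning, would keep a failure of gnutls_x509_privkey_init() just as easy to trace. Separately, the hunk adds gnutls_x509_privkey_init(&key) but shows no matching gnutls_x509_privkey_deinit(key); please confirm that every exit path after this point, including any error returns in the chain-building code that follows the comment, releases the key so the private key structure is not leaked.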