(ITS#6053) gnutls doesn't initialize gnutls_x509_privkey_t structure, leading to TLS init def ctx failed: -50
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#6053) gnutls doesn't initialize gnutls_x509_privkey_t structure, leading to TLS init def ctx failed: -50
- From: jwm@horde.net
- Date: Fri, 10 Apr 2009 15:12:10 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: John Morrissey
Version: 2.4.16
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:4978:194:0:21f:5bff:fee9:da92)
tlsg_ctx_init() doesn't initialize the gnutls_x509_privkey_t structure before
passing it to gnutls_x509_privkey_import. This yields:
main: TLS init def ctx failed: -50
on slapd startup. gnutls error -50 is GNUTLS_E_INVALID_REQUEST. Initializing the
structure with gnutls_x509_privkey_init() allows slapd startup to succeed.
[jwm@coral.lab.isis:pts/1 ~> dpkg -l libgnutls26
[...]
ii libgnutls26 2.6.4-2 the GNU TLS library - runtime library
--- openldap-2.4.16.orig/libraries/libldap/tls_g.c
+++ openldap-2.4.16/libraries/libldap/tls_g.c
@@ -354,6 +354,9 @@
gnutls_x509_crt_t certs[VERIFY_DEPTH];
unsigned int max = VERIFY_DEPTH;
+ rc = gnutls_x509_privkey_init(&key);
+ if ( rc < 0 ) return -1;
+
/* OpenSSL builds the cert chain for us, but GnuTLS
* expects it to be present in the certfile. If it's
* not, we have to build it ourselves. So we have to
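Review bot: the added early exit `if ( rc < 0 ) return -1;` discards the GnuTLS error code held in rc, so a failure of gnutls_x509_privkey_init() reaches the caller as a bare -1 rather than a specific code such as the -50 (GNUTLS_E_INVALID_REQUEST) that made this report diagnosable. Consider returning rc, or logging it (for example with gnutls_strerror(rc)) before returning. Also, now that key is initialized at this point, please confirm that every exit path after it, which this hunk does not show, releases the key with gnutls_x509_privkey_deinit().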