[gnutls-devel] GnuTLS 3.5.8 testsuite error against p11-kit GIT

Daiki Ueno dueno at redhat.com
Mon Jan 23 09:28:07 UTC 2017

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On Sun, Jan 22, 2017 at 4:47 PM, Andreas Metzler <ametzler at bebt.de> wrote:
>> Hello,
>> adding cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea,
>> 726c08847c263af9c9fd8c74aea738612795dbb6 and
>> a126365a49547da6b532210a886bb5d5fc531b77 to p11-kit 0.23.3 causes
>> testsuite errors in gnutls 3.5.8:
> Would reverting cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea address that?
> My guess is that the moving of the pin-value to query component broke
> the gnutls test suite. Although that's easily fixable, it may have
> impact on existing setups, preventing an out-of-the-box upgrade of
> p11-kit.
> Checking the pkcs11uri draft's history it seems that the query
> attributes came quite late in its definition and at least myself
> didn't realize that until now. Maybe we should introduce a
> compatibility for attributes like pin-value which have no security
> repercussions like the ones mentioned in the commit message.
> https://tools.ietf.org/rfcdiff?url2=draft-pechanec-pkcs11uri-13.txt

Yes, thanks for the suggestion.  I have opened a PR for this in p11-kit:

Daiki Ueno

More information about the p11-glue mailing list