[gnutls-devel] GnuTLS 3.5.8 testsuite error against p11-kit GIT
Daiki Ueno
dueno at redhat.com
Mon Jan 23 09:28:07 UTC 2017
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> On Sun, Jan 22, 2017 at 4:47 PM, Andreas Metzler <ametzler at bebt.de> wrote:
>> Hello,
>>
>> adding cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea,
>> 726c08847c263af9c9fd8c74aea738612795dbb6 and
>> a126365a49547da6b532210a886bb5d5fc531b77 to p11-kit 0.23.3 causes
>> testsuite errors in gnutls 3.5.8:
>
> Would reverting cbf1e42e39c030edb3e2c72ae9b4d7dd7ccf3eea address that?
> My guess is that the moving of the pin-value to query component broke
> the gnutls test suite. Although that's easily fixable, it may have
> impact on existing setups, preventing an out-of-the-box upgrade of
> p11-kit.
>
> Checking the pkcs11uri draft's history it seems that the query
> attributes came quite late in its definition and at least myself
> didn't realize that until now. Maybe we should introduce a
> compatibility for attributes like pin-value which have no security
> repercussions like the ones mentioned in the commit message.
> https://tools.ietf.org/rfcdiff?url2=draft-pechanec-pkcs11uri-13.txt
Yes, thanks for the suggestion. I have opened a PR for this in p11-kit:
https://github.com/p11-glue/p11-kit/pull/40
Regards,
--
Daiki Ueno
More information about the p11-glue
mailing list