auth-nonascii test fails or segfaults depending on system environment

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Aug 14 06:38:16 PDT 2017


On Mon, Aug 14, 2017 at 3:36 PM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> On Mon, Aug 14, 2017 at 2:36 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> I actually had a fix for that lying around in my tree for a while; have
>> finally pushed it now. Thanks!
>>
>> I note that the auth-nonascii test still fails on Ubuntu 16.04, as even
>> in the trivial case of the default UTF-8 (in my case en_GB) locale,
>> GnuTLS won't open the file:
>>
>> Using certificate file ./certs/user-key-nonascii-password.p12
>> Failed to process PKCS#12 file: The given password contains invalid characters.
>
> Works ok here with 3.5.x. However note that you are using PKCS#12 with
> AES, meaning that you are using PKCS#5 which is not well defined with
> other than ASCII passwords.

I mentioned AES here because if you would have used RC4 or 3des-pkcs12
it would have been fine (yes WTF). PKCS#12 has its own OIDs for those
ciphers and for them it requires UTF-16 to be used.

regards,
Nikos



More information about the openconnect-devel mailing list