
rohc team mailing list archive

Re: [Question #240205]: Cannot load server certificate

 

Question #240205 on rohc changed:
https://answers.launchpad.net/rohc/+question/240205

    Status: Open => Needs information

Didier Barvaux requested more information:
Hello,

There are not enough traces in the PKCS#12 code to be able to find the
source of the problem. Could you please apply the patch below on the
0.7.1 sources, build the program again, then reproduce the problem?

$ patch -p0 < /path/to/iprohc-0.7.1-pkcs12-traces.patch
$ make


Regards,
Didier


=== modified file 'server/tls.c'
--- server/tls.c	2013-03-18 14:12:31 +0000
+++ server/tls.c	2013-12-04 18:51:31 +0000
@@ -122,17 +122,21 @@ bool load_p12(gnutls_certificate_credent
 	p12blob.data = malloc(32768 * sizeof(char));
 	p12blob.size = fread((void*) p12blob.data, sizeof(char), 32768, p12file);
 	fclose(p12file);
+	trace(LOG_INFO, "read %u bytes of PKCS#12 data from disk", p12blob.size);
 
 	/* Init structure and import P12 */
 	ret = gnutls_pkcs12_init(&p12);
 	if(ret < 0)
 	{
+		trace(LOG_ERR, "failed to init PKCS#12 context");
 		goto free_blob;
 	}
 
 	ret = gnutls_pkcs12_import(p12, &p12blob, GNUTLS_X509_FMT_DER, 0);
 	if(ret < 0)
 	{
+		trace(LOG_ERR, "failed to import %u bytes of PKCS#12 data",
+		      p12blob.size);
 		goto deinit_pkcs12;
 	}
 
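Review bot: The error traces added after `gnutls_pkcs12_init` and `gnutls_pkcs12_import` discard `ret`, so the log still will not say why GnuTLS rejected the file; the same applies to the traces added in the `gnutls_pkcs12_verify_mac` and `gnutls_x509_crt_get_key_id` hunks below. Appending the library's own message would make them diagnostic, e.g. `trace(LOG_ERR, "failed to import %u bytes of PKCS#12 data: %s", p12blob.size, gnutls_strerror(ret));`. The new "read %u bytes" trace also cannot tell a complete read from a truncated one: `fread` is capped at 32768 bytes, so a larger file is silently cut, and a reported size of exactly 32768 should be logged as a probable truncation. In the context lines the `malloc` result is passed straight to `fread` without a NULL check, which is worth fixing alongside. `load_p12` starts and ends outside this hunk.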
@@ -141,6 +145,7 @@ bool load_p12(gnutls_certificate_credent
 		ret = gnutls_pkcs12_verify_mac(p12, password);
 		if(ret < 0)
 		{
+			trace(LOG_ERR, "PKCS#12 verification failed");
 			goto deinit_pkcs12;
 		}
 	}
@@ -156,13 +161,13 @@ bool load_p12(gnutls_certificate_credent
 		trace(LOG_ERR, "too few certificates in PKCS#12 file '%s'", p12_file);
 		goto free_certs_key;
 	}
-	
+
 	/* get the ID of private key */
 	key_id_size = sizeof(key_id);
 	ret = gnutls_x509_privkey_get_key_id(key, 0, key_id, &key_id_size);
 	if(ret < 0)
 	{
-		trace(LOG_ERR, "failed to get key ID");
+		trace(LOG_ERR, "failed to get private key ID");
 		goto free_certs_key;
 	}
 
@@ -176,6 +181,7 @@ bool load_p12(gnutls_certificate_credent
 		ret = gnutls_x509_crt_get_key_id(certs[i], 0, cert_id, &cert_id_size);
 		if(ret < 0)
 		{
+			trace(LOG_ERR, "failed to get key ID for certificate #%d", i + 1);
 			goto free_certs_key;
 		}

-- 
You received this question notification because you are a member of ROHC
Team, which is an answer contact for rohc.