#9444 closed enhancement (fixed)
GnuTLS-3.5.14
| Reported by: | DJ Lucas | Owned by: | DJ Lucas |
|---|---|---|---|
| Priority: | normal | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New version.
libgnutls: Handle specially HSMs which request explicit authentication.
There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key operation. Detect that state and try to login.
libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag a login will be forced. This improves operation on certain Safenet HSMs.
libgnutls: do not set leading zeros when copying integers on HSMs.
PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by some HSMs which do not accept an integer with a leading zero. This improves operation with certain Atos HSMs.
libgnutls: Fixed issue discovering certain OCSP signers, and improved the
discovery of OCSP signer in the case where the Subject Public Key identifier field matches. Resolves gitlab issue #223.
gnutls-cli: ensure OCSP responses are saved with --save-ocsp even if
certificate verification fails.
API and ABI modifications: No changes since last version.
Change History (3)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed in r18915.