Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#9444 closed enhancement (fixed)

GnuTLS-3.5.14

Reported by: DJ Lucas Owned by: DJ Lucas
Priority: normal Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New version.

libgnutls: Handle specially HSMs which request explicit authentication.

There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key operation. Detect that state and try to login.

libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.

That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag a login will be forced. This improves operation on certain Safenet HSMs.

libgnutls: do not set leading zeros when copying integers on HSMs.

PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by some HSMs which do not accept an integer with a leading zero. This improves operation with certain Atos HSMs.

libgnutls: Fixed issue discovering certain OCSP signers, and improved the

discovery of OCSP signer in the case where the Subject Public Key identifier field matches. Resolves gitlab issue #223.

gnutls-cli: ensure OCSP responses are saved with --save-ocsp even if

certificate verification fails.

API and ABI modifications: No changes since last version.

Change History (3)

comment:1 by DJ Lucas, 4 years ago

Owner: changed from blfs-book@… to DJ Lucas
Status: newassigned

comment:2 by DJ Lucas, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed in r18915.

comment:3 by DJ Lucas, 4 years ago

And in r18916. Thanks Pierre.

Note: See TracTickets for help on using tickets.