Re: [Rohc] [Question #240205]: Cannot load server certificate

[Didier Barvaux]

Question #240205 on rohc changed:
https://answers.launchpad.net/rohc/+question/240205

    Status: Open => Needs information

Didier Barvaux requested more information:
Hello,

There are not enough traces in the PKCS#12 code to be able to find the
source of the problem. Could you please apply the patch below on the
0.7.1 sources, build the program again, then reproduce the problem?

$ patch -p0 < /path/to/iprohc-0.7.1-pkcs12-traces.patch
$ make


Regards,
Didier


=== modified file 'server/tls.c'
--- server/tls.c        2013-03-18 14:12:31 +0000
+++ server/tls.c        2013-12-04 18:51:31 +0000
@@ -122,17 +122,21 @@ bool load_p12(gnutls_certificate_credent
        p12blob.data = malloc(32768 * sizeof(char));
        p12blob.size = fread((void*) p12blob.data, sizeof(char), 32768, 
p12file);
        fclose(p12file);
+       trace(LOG_INFO, "read %u bytes of PKCS#12 data from disk", 
p12blob.size);
 
        /* Init structure and import P12 */
        ret = gnutls_pkcs12_init(&p12);
        if(ret < 0)
        {
+               trace(LOG_ERR, "failed to init PKCS#12 context");
                goto free_blob;
        }
 
        ret = gnutls_pkcs12_import(p12, &p12blob, GNUTLS_X509_FMT_DER, 0);
        if(ret < 0)
        {
+               trace(LOG_ERR, "failed to import %u bytes of PKCS#12 data",
+                     p12blob.size);
                goto deinit_pkcs12;
        }
 
@@ -141,6 +145,7 @@ bool load_p12(gnutls_certificate_credent
                ret = gnutls_pkcs12_verify_mac(p12, password);
                if(ret < 0)
                {
+                       trace(LOG_ERR, "PKCS#12 verification failed");
                        goto deinit_pkcs12;
                }
        }
@@ -156,13 +161,13 @@ bool load_p12(gnutls_certificate_credent
                trace(LOG_ERR, "too few certificates in PKCS#12 file '%s'", 
p12_file);
                goto free_certs_key;
        }
-       
+
        /* get the ID of private key */
        key_id_size = sizeof(key_id);
        ret = gnutls_x509_privkey_get_key_id(key, 0, key_id, &key_id_size);
        if(ret < 0)
        {
-               trace(LOG_ERR, "failed to get key ID");
+               trace(LOG_ERR, "failed to get private key ID");
                goto free_certs_key;
        }
 
@@ -176,6 +181,7 @@ bool load_p12(gnutls_certificate_credent
                ret = gnutls_x509_crt_get_key_id(certs[i], 0, cert_id, 
&cert_id_size);
                if(ret < 0)
                {
+                       trace(LOG_ERR, "failed to get key ID for certificate 
#%d", i + 1);
                        goto free_certs_key;
                }

-- 
You received this question notification because you are a member of ROHC
Team, which is an answer contact for rohc.

_______________________________________________
Mailing list: https://launchpad.net/~rohc
Post to     : rohc@lists.launchpad.net
Unsubscribe : https://launchpad.net/~rohc
More help   : https://help.launchpad.net/ListHelp