Nikos Mavrogiannopoulos
I'll split the bugs identified here and open different issues for simplicity. We can keep this bug for the Windows trust store.
For that to be addressed I'll need some debugging output from @ExSport once we have a version of openconnect-gui which can enable gnutls debugging. Note that it is low-priority since...
> `Using system key system:win:id=11ba3d87f7572ae5ac22674bd6b3f7232014592d;type=privkey;name=non-working%20cert`
> `Error importing system key system:win:id=11ba3d87f7572ae5ac22674bd6b3f7232014592d;type=privkey;name=non-working%20cert: The requested data were not available.`
> `Loading certificate failed. Aborting.`

I'd have expected additional logging between these lines....
What kind of key did you generate with AT_SIGNATURE? Was it RSA? Trying with a debug level of 9 would help.
@afl1 could you add this as a pull request?
Would you like to suggest a patch and introduce the necessary tests?
The pkcs11: URI format has been a standard (RFC7512) since this April. It would be nice if pkcs11-helper would support that format.
Mentioning that a hash should not be used as a MAC with the length extension attack example aligns with the message of not creating your own cryptography when it exists. For...
I'm not sure how the gnutls issue 21 blocks that feature. gnutls already provides a DANE back-end, whether that's linked with unbound or something else shouldn't block its use of...
For simplicity these could also be auto-generated on a system with graphicsmagick and openssl. Let me know if you prefer that path. PS. That's a course of very impressive quality....