[Finally have a little bit of downtime, can turn my attention back to this...]
On 2010-03-25, at 2:34 PM, Juan Lang wrote:
>> I don't have any password-protected certificates to test with, so I can't
>> add such a test (it was not required for our implementation).
>
> You can if you create one
Whoops, forgot to cc wine-devel.
> I don't have any password-protected certificates to test with, so I can't add
> such a test (it was not required for our implementation).
You can if you create one (on Windows.)
> So what you want is to import two new functions (sk_X509_new_null() and
> sk_X5
On 2010-03-25, at 12:14 PM, Juan Lang wrote:
> Hi Philippe,
>
>>> You accept the PKCS12 file even if the password is incorrect. This is
>>> clearly wrong.
>>
>> It is not accepted. If the verification fails, ERR is spewed out and the
>> next step (parse, below) will fail as well.
>
> Is this
Hi Philippe,
>> You accept the PKCS12 file even if the password is incorrect. This is
>> clearly wrong.
>
> It is not accepted. If the verification fails, ERR is spewed out and the next
> step (parse, below) will fail as well.
Is this how Windows fails? That is, with a parse error? Please add
Hi Juan,
Thanks for reviewing my patches. Here are my comments:
> this attempt looks pretty incomplete. First off:
>
> +ret = pPKCS12_verify_mac(pkcs12, password, len);
> +if (ret == 0)
> +ERR_(crypt)("failed to verify pkcs12 {%p} with password
> \"%s\" using func {%p}\n", pkcs1
Hi Phillippe,
this attempt looks pretty incomplete. First off:
+ret = pPKCS12_verify_mac(pkcs12, password, len);
+if (ret == 0)
+ERR_(crypt)("failed to verify pkcs12 {%p} with password
\"%s\" using func {%p}\n", pkcs12, password, pPKCS12_verify_mac);
+else
+TRACE_(cry