Update comment about gnutls_x509_privkey_import_pkcs8() password handling
author David Woodhouse <David.Woodhouse@intel.com>
Mon, 4 Jun 2012 15:46:23 +0000 (16:46 +0100)
committer David Woodhouse <David.Woodhouse@intel.com>
Mon, 4 Jun 2012 15:46:23 +0000 (16:46 +0100)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
gnutls.c

index 291deac..b8f0ad2 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -543,7 +543,10 @@ static int load_certificate(struct openconnect_info *vpninfo)
                   just call gnutls_x509_privkey_import_pkcs8() with a NULL password,
                   it'll SEGV. You have to set the GNUTLS_PKCS_PLAIN flag if you want
                   to try without a password. Passing NULL evidently isn't enough of
-                  a hint. */
+                  a hint. And in GnuTLS 3.1 where that crash has been fixed, passing
+                  NULL will cause it to return GNUTLS_E_ENCRYPTED_STRUCTURE (a new
+                  error code) rather than GNUTLS_E_DECRYPTION_FAILED. So just pass ""
+                  instead of NULL, and don't worry about either case. */
                while ((err = gnutls_x509_privkey_import_pkcs8(key, &fdata,
                                                               GNUTLS_X509_FMT_PEM,
                                                               pass?pass:"", 0))) {
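Review bot: The extended comment in load_certificate() now gives two pieces of advice that read as contradictory. The unchanged text says "You have to set the GNUTLS_PKCS_PLAIN flag if you want to try without a password", while the added sentence says to "just pass "" instead of NULL", and the call directly below passes `pass?pass:""` with a flags argument of 0. Consider rewording the earlier sentence so the comment states the approach the code actually takes (an empty string with no flags) and keeps the GNUTLS_PKCS_PLAIN remark only as an alternative. Since the new text names both GNUTLS_E_ENCRYPTED_STRUCTURE and GNUTLS_E_DECRYPTION_FAILED, it would also help to say which return value the loop expects to see for an encrypted key when "" is passed, so a reader does not have to infer it from the loop body, which is outside this hunk.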