Description of problem: The gnutls_x509_privkey_import method is no longer able to load private keys with a starting signature of: -----BEGIN PRIVATE KEY----- It can only load keys which mention an explicit algorithm The gnutls_x509_privkey_import2 method succeeds, which is why certtool --infile blah -k does not show any problem The problem appears to have been caused by this commit in 3.4.3: commit 0debaca946b74c66e67ed1a86c671ec3573b779a Author: Nikos Mavrogiannopoulos <nmav> Date: Thu Jun 25 15:08:54 2015 +0200 gnutls_x509_privkey_import: optimized private key loading Originlly the result would get set to GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR But now it gets set to GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; As a result, when the code jumsp to the 'failover' label it no longer triggers the PKCS#8 fallback path failover: /* Try PKCS #8 */ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n"); result = gnutls_x509_privkey_import_pkcs8(key, data, format, NULL, GNUTLS_PKCS_PLAIN); } This regression is breaking the libvirt test suite which uses the import method. Version-Release number of selected component (if applicable): 3.4.3 How reproducible: Always Steps to Reproduce: 1. Save attached demo to priv.c 2.gcc `pkg-config --cflags --libs gnutls` -o priv priv.c 3. ./priv Actual results: Failed to import key The requested data were not available. Aborted (core dumped) Expected results: Loads the private key Additional info:
Created attachment 1059045 [details] Demo program
Thanks. I've committed a fix upstream. https://gitlab.com/gnutls/gnutls/commit/3573c516a1cf1adc0df3b4caaeec64f55753016d
gnutls-3.4.4-1.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/gnutls-3.4.4-1.fc23
Package gnutls-3.4.4-1.fc23: * should fix your issue, * was pushed to the Fedora 23 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing gnutls-3.4.4-1.fc23' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-13287/gnutls-3.4.4-1.fc23 then log in and leave karma (feedback).
gnutls-3.4.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.