Bug 1404192

Summary: Incorrect(?) error return for encrypted PKCS#8 file.
Product: [Fedora] Fedora
Reporter: David Woodhouse <dwmw2>
Component: gnutls
Assignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 25
CC: nmavrogi, tmraz
Last Closed: 2016-12-13 10:42:31 UTC
Type: Bug

Description David Woodhouse 2016-12-13 09:59:12 UTC
$ openconnect -c ../tests/certs/ec-cert.pem -k ../tests/certs/ec-key-pkcs8-pbes2-sha1.pem auth.startssl.com 
POST https://auth.startssl.com/
Connected to 104.192.110.244:443
Failed to load private key as PKCS#8: An illegal parameter was found.


I can "fix" this in OpenConnect thus:

--- a/gnutls.c
+++ b/gnutls.c
@@ -1513,7 +1513,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
                while ((err = gnutls_x509_privkey_import_pkcs8(key, &fdata,
                                                               GNUTLS_X509_FMT_PEM,
                                                               pass?:"", 0))) {
-                       if (err != GNUTLS_E_DECRYPTION_FAILED) {
+                       if (err != GNUTLS_E_DECRYPTION_FAILED &&
+                           err != GNUTLS_E_ILLEGAL_PARAMETER) {
                                vpn_progress(vpninfo, PRG_ERR,
                                             _("Failed to load private key as PKCS#8: %s\n"),
                                             gnutls_strerror(err));
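
Review bot: Adding `err != GNUTLS_E_ILLEGAL_PARAMETER` to the `if` inside the `gnutls_x509_privkey_import_pkcs8()` loop makes the caller treat a generic error code the same way as `GNUTLS_E_DECRYPTION_FAILED`, so a key file whose parameters really are invalid is no longer reported through the `vpn_progress(vpninfo, PRG_ERR, ...)` branch. If the workaround is kept, it needs a comment naming the library behaviour it compensates for, and the extra case should be limited to the situation where a passphrase retry is still possible, so that a malformed key still produces the "Failed to load private key as PKCS#8" message. The cleaner outcome is for the import call to return `GNUTLS_E_DECRYPTION_FAILED` for an encrypted key opened with a wrong or empty passphrase, which leaves this condition unchanged.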


But I shouldn't have to, should I?

Comment 1 Nikos Mavrogiannopoulos 2016-12-13 10:42:31 UTC

*** This bug has been marked as a duplicate of bug 1404084 ***