b9557296cb
The only reason our code wants PKCS12 files is for a private key, but a valid file needn't contain one; and reading a file without lead to a crash in QSslKeyPrivate::fromEVP_PKEY(). So check for missing key and fail the load, since the file is useless to us. Also ensure the caller's pkey is initialized, as we aren't promised that PKCS12_parse() will set it when there is no private key. Add a test for this case (it crashes without the fix) and update the instructions for how to generate test data to cover it also. (Corrected the wording there, too; at the interactive prompt, "providing no password" really provides an empty password.) Task-number: QTBUG-62335 Change-Id: I617508b903f6d9dee40d539b7136b0be8bc2c747 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
20 lines
666 B
Plaintext
20 lines
666 B
Plaintext
The PKCS#12 bundle was created by running the following in an
|
|
interactive shell in ../../qsslsocket/certs/:
|
|
|
|
openssl pkcs12 -export -in leaf.crt \
|
|
-inkey leaf.key -out leaf.p12 \
|
|
-certfile inter.crt -CAfile ca.crt
|
|
|
|
An empty password was provided (twice). The pkcs.crt and pkcs.key
|
|
files were then copied here and leaf.p12 was moved here.
|
|
|
|
|
|
The test-case with no private key (in a valid PKCS12 file) was created
|
|
similarly but with the command adjusted to:
|
|
|
|
openssl pkcs12 -export -in leaf.crt \
|
|
-nokeys -out leaf-nokey.p12 \
|
|
-certfile inter.crt -CAfile ca.crt
|
|
|
|
The file leaf-nokey.p12 was then moved here.
|