Update comment about gnutls_x509_privkey_import_pkcs8() password hand…

…ling Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Jun 4, 2012 · 329c23e · 329c23e
1 parent 6d94137
commit 329c23e
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/gnutls.c b/gnutls.c
@@ -543,7 +543,10 @@ static int load_certificate(struct openconnect_info *vpninfo)
 		   just call gnutls_x509_privkey_import_pkcs8() with a NULL password,
 		   it'll SEGV. You have to set the GNUTLS_PKCS_PLAIN flag if you want
 		   to try without a password. Passing NULL evidently isn't enough of
-		   a hint. */
+		   a hint. And in GnuTLS 3.1 where that crash has been fixed, passing
+		   NULL will cause it to return GNUTLS_E_ENCRYPTED_STRUCTURE (a new
+		   error code) rather than GNUTLS_E_DECRYPTION_FAILED. So just pass ""
+		   instead of NULL, and don't worry about either case. */
 		while ((err = gnutls_x509_privkey_import_pkcs8(key, &fdata,
 							       GNUTLS_X509_FMT_PEM,
 							       pass?pass:"", 0))) {