[Gajim-devel] PKCS12 with password

Yann Leboulanger asterix at lagaule.org
Mon Jul 25 15:17:57 CEST 2011

On 07/25/2011 02:10 PM, nmset wrote:
> Hello,
> Gajim is excellent for client authentication through credentials stored in a PKCS12 container. It rejects however a PKCS12 file
> protected by a password.
> tlsnb_nb.py opens the PKCS12 file with :
>          p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())
> It may also open a password protected PKCS12 container with :
>          p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(), p12pwd)
> Testing with hard-coded password works fine.
> I don't have the resources to code in Python, I guess it would be fairly easy for Python gurus to modify tls_nb.py to popup a
> dialog requesting a password for the container.


It's not that easy because tls_nb.py has nothing to do with GUI, so it 
cannot display a dialog itself. Connection object should try to open the 
certificat, if that fails, asks a password, before trying to connect. 
But I can look at that.

Could you tell me what happens if you call directly
OpenSSL.crypto.load_pkcs12(open(PATH_TO_CERT).read()) on a password 
protected cert? Does it raises a message about missing password?
I ask that to know how to detect it's protected or not.


More information about the Gajim-devel mailing list