[Gajim-devel] PKCS12 with password
asterix at lagaule.org
Mon Jul 25 15:17:57 CEST 2011
On 07/25/2011 02:10 PM, nmset wrote:
> Gajim is excellent for client authentication through credentials stored in a PKCS12 container. It rejects however a PKCS12 file
> protected by a password.
> tlsnb_nb.py opens the PKCS12 file with :
> p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())
> It may also open a password protected PKCS12 container with :
> p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(), p12pwd)
> Testing with hard-coded password works fine.
> I don't have the resources to code in Python, I guess it would be fairly easy for Python gurus to modify tls_nb.py to popup a
> dialog requesting a password for the container.
It's not that easy because tls_nb.py has nothing to do with GUI, so it
cannot display a dialog itself. Connection object should try to open the
certificat, if that fails, asks a password, before trying to connect.
But I can look at that.
Could you tell me what happens if you call directly
OpenSSL.crypto.load_pkcs12(open(PATH_TO_CERT).read()) on a password
protected cert? Does it raises a message about missing password?
I ask that to know how to detect it's protected or not.
More information about the Gajim-devel