Description of problem:
The gnutls_x509_privkey_import method is no longer able to load private keys with a starting signature of:


    -----BEGIN PRIVATE KEY-----

It can only load keys which mention an explicit algorithm

The gnutls_x509_privkey_import2 method succeeds, which is why certtool --infile blah -k does not show any problem

The problem appears to have been caused by this commit in 3.4.3:

commit 0debaca946b74c66e67ed1a86c671ec3573b779a
Author: Nikos Mavrogiannopoulos <nmav>
Date:   Thu Jun 25 15:08:54 2015 +0200

    gnutls_x509_privkey_import: optimized private key loading

Originlly the result would get set to GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR

But now it gets set to GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;

As a result, when the code jumsp to the 'failover' label it no longer triggers the PKCS#8 fallback path

      failover:
        /* Try PKCS #8 */
        if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) {
                _gnutls_debug_log
                    ("Falling back to PKCS #8 key decoding\n");
                result =
                    gnutls_x509_privkey_import_pkcs8(key, data, format,
                                                     NULL,
                                                     GNUTLS_PKCS_PLAIN);
        }

This regression is breaking the libvirt test suite which uses the import method.


Version-Release number of selected component (if applicable):
3.4.3

How reproducible:
Always

Steps to Reproduce:
1. Save attached demo to priv.c
2.gcc `pkg-config --cflags --libs gnutls`  -o priv priv.c
3. ./priv

Actual results:
Failed to import key The requested data were not available.
Aborted (core dumped)


Expected results:
Loads the private key

Additional info: