please test imminent 2.8.x release

From: Simon Josefsson
Subject: please test imminent 2.8.x release
Date: Fri, 07 Aug 2009 01:49:01 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1.50 (gnu/linux)

Because of the NUL in CN/SAN issue we need to release a stable 2.8.x
update quickly.

Please test the release candidate:

This will be identical with the release unless I hear anything negative.

You can also help by reviewing the changes since 2.8.1:

I don't have more spare time to produce releases of older versions with
the patches (this problem came up at bad timing for me, plenty of paying
assignments to work on), but if someone else wants to spend time on
2.6.x or any older release, that would be welcome.  Note that in
addition to the patches that went into 2.8.x you also need to patch the
certificate printing output from gnutls-cli in src/common.c.  GnuTLS
2.8.x and later uses libgnutls to print certificate details instead.

You can use a self-test from the 2.9.x branch to check if your GnuTLS is
vulnerable, see:

Build and run it like this:

gcc -o nul-in-x509-names nul-in-x509-names.c -lgnutls

On a broken gnutls it will output:

gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)
gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)

On a working gnutls it will output:

gnutls_x509_crt_check_hostname OK (NUL-IN-CN)
gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)
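
Added example, not part of the original message and not GnuTLS code: a minimal illustration of the class of bug the self-test checks for, where a hostname check that handles a certificate name as a NUL-terminated C string compares only the bytes before an embedded NUL, next to a length-aware check that rejects such names. The struct, the function names and the sample names are hypothetical and constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A decoded certificate name: raw bytes plus the length from the encoding. */
struct cert_name { const char *data; size_t len; };

/* Constructed samples: one CN with an embedded NUL, one ordinary CN. */
static const char NUL_CN_BYTES[] = "www.example.com\0.other.example";
static const char PLAIN_CN_BYTES[] = "www.example.com";
static const struct cert_name nul_cn = { NUL_CN_BYTES, sizeof NUL_CN_BYTES - 1 };
static const struct cert_name plain_cn = { PLAIN_CN_BYTES, sizeof PLAIN_CN_BYTES - 1 };

/* Case-insensitive comparison over exactly len bytes. */
static int eq_nocase(const char *a, const char *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed: treats the name as a C string, so everything after the first
 * NUL is ignored and n->len is never consulted. */
static int match_naive(const struct cert_name *n, const char *host)
{
    size_t seen = strlen(n->data);
    return seen == strlen(host) && eq_nocase(n->data, host, seen);
}

/* Length-aware: a name containing NUL can never be a valid hostname, so
 * reject it, then compare over the full encoded length. Wildcards are
 * left out to keep the example on the NUL case. */
static int match_strict(const struct cert_name *n, const char *host)
{
    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;
    return n->len == strlen(host) && eq_nocase(n->data, host, n->len);
}

int main(void)
{
    const char *host = "www.example.com";
    printf("naive  NUL-IN-CN: %s\n", match_naive(&nul_cn, host) ? "BROKEN" : "OK");
    printf("strict NUL-IN-CN: %s\n", match_strict(&nul_cn, host) ? "BROKEN" : "OK");
    printf("strict plain CN:  %s\n", match_strict(&plain_cn, host) ? "match" : "no match");
    return 0;
}
```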

