gnutls-devel

Re: GnuTLS CVE-2009-2730 Patches


From: Simon Josefsson
Subject: Re: GnuTLS CVE-2009-2730 Patches
Date: Thu, 20 Aug 2009 19:03:23 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> Btw, I just noticed a problem with RedHat's patch, it appears to break
> OpenPGP connections:
>
> gnutls-cli -p 5556 test.gnutls.org --priority NORMAL:+CTYPE-OPENPGP:-CTYPE-X509
>
> I get an error:
>
> - The hostname in the certificate does NOT match 'test.gnutls.org'
>
> But this is incorrect, the names do match.
>
> Please test if that command works on your versions, otherwise you will
> need this patch too:
>
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=9eed44b4ef9538117cc134956b32bc8fd39534fd
>
> I'll write a self-test to check this regression too.

Now finished, and here is another way to check if your library is OK or
not:

wget http://git.savannah.gnu.org/cgit/gnutls.git/plain/tests/hostname-check.c
wget http://git.savannah.gnu.org/cgit/gnutls.git/plain/tests/utils.c
wget http://git.savannah.gnu.org/cgit/gnutls.git/plain/tests/utils.h
gcc -o hostname-check hostname-check.c utils.c -I. -lgnutls
./hostname-check

It should finish with 0 errors.

Maybe we'll need a 2.8.4 to fix this...

/Simon



