[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3]

From: Andreas Metzler
Subject: Re: Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]
Date: Sun, 17 Jan 2010 11:40:45 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

On 2010-01-17 Nikos Mavrogiannopoulos <address@hidden> wrote:
> Andreas Metzler wrote:
> > Ping?
> [...]
> >> this test does not work for me with any version of gnutls. There is no
> >> "error: certificate has expired" or even "Peer's certificate chain
> >> uses expired certificate".

> I checked it and it seems that the verification code will stop once a
> certificate in the chain is found invalid (that was added to counter
> some denial of service attacks). Here gnutls-cli cannot verify the CA
> certificate thus stops there and does not move forward to check time for
> the actual certificate.

I see and have managed to verify this. Thank you for the explanation.

cu andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

reply via email to

[Prev in Thread] Current Thread [Next in Thread]