GnuTLS CVE-2009-2730 Patches

Simon Josefsson simon at josefsson.org
Thu Aug 20 19:03:23 CEST 2009


Simon Josefsson <simon at josefsson.org> writes:

> Btw, I just noticed a problem with RedHat's patch, it appears to break
> OpenPGP connections:
>
> gnutls-cli -p 5556 test.gnutls.org --priority NORMAL:+CTYPE-OPENPGP:-CTYPE-X509
>
> I get an error:
>
> - The hostname in the certificate does NOT match 'test.gnutls.org'
>
> But this is incorrect, the names do match.
>
> Please test if that command works on your versions, otherwise you will
> need this patch too:
>
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=9eed44b4ef9538117cc134956b32bc8fd39534fd
>
> I'll write a self-test to check this regression too.

Now finished, and here is another way to check if your library is OK or
not:

wget http://git.savannah.gnu.org/cgit/gnutls.git/plain/tests/hostname-check.c
wget http://git.savannah.gnu.org/cgit/gnutls.git/plain/tests/utils.c
wget http://git.savannah.gnu.org/cgit/gnutls.git/plain/tests/utils.h
gcc -o hostname-check hostname-check.c utils.c -I. -lgnutls
./hostname-check

It should finish with 0 errors.

Maybe we'll need a 2.8.4 to fix this...

/Simon




