[gnutls-devel] SSL certificate validation bugs in GnuTLS
nmav at gnutls.org
Thu Feb 13 10:25:50 CET 2014
On Thu, Feb 13, 2014 at 9:48 AM, Andy Lutomirski <luto at amacapital.net> wrote:
> This should IMO have a CVE assigned and announcement made. If I understand
> the issue correctly, this will be widely exploited.
> If this affects verification of client certs, everyone is fscked.
It should have a CVE as it has quite some implications. As of
exploitability I think it depends on whether there are CAs that issue
I'll try to make a bug-fix release as soon.
More information about the Gnutls-devel