[gnutls-devel] SSL certificate validation bugs in GnuTLS
suman at cs.utexas.edu
Fri Feb 14 11:15:57 CET 2014
You are right. It turns out that for this bug we were using v 3.1.0
from - ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.0.tar.lz.
The source code listings I sent you were also from v 3.1.0.
I confirmed that the pathlen constraints are indeed being checked
correctly in v 3.1.9.
Sorry about the confusion. BTW, is it a known bug for v 3.1.0?
On 02/13/2014 01:20 AM, Nikos Mavrogiannopoulos wrote:
> On Thu, Feb 13, 2014 at 9:33 AM, Suman Jana <suman at cs.utexas.edu> wrote:
>> Sorry, one small correction. The "check_if_ca" function is actually defined
>> in lib/x509/verify.c
>> and it calls "gnutls_x509_crt_get_ca_status".
> This is the place it is being used:
> Maybe you tried with an older version?
More information about the Gnutls-devel