[gnutls-devel] gnutls 3.5.7 fails tests without libidn

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Dec 8 16:02:50 CET 2016

Thanks for reporting that. The following two (untested) patches should
address the issue:

Note that compiling without libidn, enables broken functionality
(i.e., allows the library to send invalid values over the net just
because it cannot properly convert them). Is there a reason for using
that option?


On Thu, Dec 8, 2016 at 2:31 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> On 8 December 2016 at 09:04, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>> ** libgnutls: When setting a subject alternative name in a certificate
>>    which is in UTF-8 format, it will transparently be converted to IDNA
>>    form prior to storing.
> Hi,
> I guess this because of the above change... only guessing as it is
> something in lib/str-unicode with libidn conditional, as tests fails
> without libidn available.
> I believe these should work to some extent also if libidn is not
> available, actually fail (not return invalid byte count), or at least
> skipped during tests.
> Thanks!
> Alon
> ---
> $ ./crq_apis
> out.size=814 saved_crq.size=818
> crq_apis: /var/tmp/portage/net-libs/gnutls-3.5.7/work/gnutls-3.5.7/tests/crq_apis.c:452:
> doit: Assertion `out.size == saved_crq.size' failed.
> Aborted
> $ ./crt_apis
> doit:189: gnutls_x509_crt_set_subject_alt_name: An unimplemented or
> disabled feature has been requested., -1250

More information about the Gnutls-devel mailing list