[gnutls-devel] gnutls 3.5.7 fails tests without libidn

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Dec 8 16:02:50 CET 2016


Thanks for reporting that. The following two (untested) patches should
address the issue:
https://gitlab.com/gnutls/gnutls/commit/ddca30ed625d9f5f7efb628e4467ff7ab5a65701
https://gitlab.com/gnutls/gnutls/commit/e40393e5685743e185ea284337b6a0ed5d756a0f

Note that compiling without libidn enables broken functionality
(i.e., allows the library to send invalid values over the net just
because it cannot properly convert them). Is there a reason for using
that option?

regards,
Nikos

On Thu, Dec 8, 2016 at 2:31 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> On 8 December 2016 at 09:04, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>>
>> ** libgnutls: When setting a subject alternative name in a certificate
>>    which is in UTF-8 format, it will transparently be converted to IDNA
>>    form prior to storing.
>
> Hi,
>
> I guess this is because of the above change... only guessing as it is
> something in lib/str-unicode with libidn conditional, as tests fail
> without libidn available.
>
> I believe these should work to some extent also if libidn is not
> available, actually fail (not return invalid byte count), or at least
> be skipped during tests.
>
> Thanks!
> Alon
>
> ---
>
> $ ./crq_apis
> out.size=814 saved_crq.size=818
> crq_apis: /var/tmp/portage/net-libs/gnutls-3.5.7/work/gnutls-3.5.7/tests/crq_apis.c:452:
> doit: Assertion `out.size == saved_crq.size' failed.
> Aborted
>
> $ ./crt_apis
> doit:189: gnutls_x509_crt_set_subject_alt_name: An unimplemented or
> disabled feature has been requested., -1250
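
The behaviour discussed in this thread, as an added Python example that is not part of the original messages and is not GnuTLS code: a UTF-8 name is converted to IDNA form before it is stored as a dNSName, and a build without a converter fails instead of storing raw UTF-8. The function names and the sample host name are hypothetical; Python's built-in `idna` codec (IDNA 2003) stands in for libidn.

```python
# Added illustration; names are hypothetical, not GnuTLS API.


class ConversionUnavailable(Exception):
    """Raised instead of storing a non-ASCII dNSName."""


def to_idna(name: str) -> bytes:
    """Convert a Unicode host name to its ASCII (A-label) form."""
    # Python's stdlib "idna" codec applies ToASCII to each label.
    return name.encode("idna")


def san_dnsname(name: str, converter=to_idna) -> bytes:
    """Return the bytes to store in a dNSName subject alternative name.

    dNSName is an IA5String, so only ASCII may be stored.
    converter=None models a build without an IDNA library.
    """
    if name.isascii():
        return name.encode("ascii")
    if converter is None:
        # Fail closed: raw UTF-8 here would be an invalid value on the wire.
        raise ConversionUnavailable(name)
    try:
        return converter(name)
    except UnicodeError as exc:
        raise ValueError(f"not convertible to IDNA: {name!r}") from exc


def is_valid_dnsname(value: bytes) -> bool:
    """Receiver-side check: ASCII only, every label 1..63 bytes long."""
    if not value.isascii():
        return False
    labels = value.rstrip(b".").split(b".")
    return all(1 <= len(label) <= 63 for label in labels)


if __name__ == "__main__":
    sample = "b\u00fccher.example"  # constructed sample name
    print(san_dnsname(sample))
    print(is_valid_dnsname(sample.encode("utf-8")))
```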
