[gnutls-devel] gnutls 3.5.7 fails tests without libidn

Alon Bar-Lev alon.barlev at gmail.com
Thu Dec 8 16:37:10 CET 2016


On 8 December 2016 at 17:02, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>
> Thanks for reporting that. The following two (untested) patches should
> address the issue:
> https://gitlab.com/gnutls/gnutls/commit/ddca30ed625d9f5f7efb628e4467ff7ab5a65701
> https://gitlab.com/gnutls/gnutls/commit/e40393e5685743e185ea284337b6a0ed5d756a0f

Confirmed, thanks!

> Note that compiling without libidn enables broken functionality
> (i.e., allows the library to send invalid values over the net just
> because it cannot properly convert them). Is there a reason for using
> that option?

It is your decision actually :)
Is libidn mandatory or optional for gnutls?
Currently it is optional as far as I can see.

>
> regards,
> Nikos
>
> On Thu, Dec 8, 2016 at 2:31 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote:
> > On 8 December 2016 at 09:04, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> >>
> >> ** libgnutls: When setting a subject alternative name in a certificate
> >>    which is in UTF-8 format, it will transparently be converted to IDNA
> >>    form prior to storing.
> >
> > Hi,
> >
> > I guess this is because of the above change... only guessing as it is
> > something in lib/str-unicode with libidn conditional, as tests fail
> > without libidn available.
> >
> > I believe these should work to some extent also if libidn is not
> > available, actually fail (not return invalid byte count), or at least
> > be skipped during tests.
> >
> > Thanks!
> > Alon
> >
> > ---
> >
> > $ ./crq_apis
> > out.size=814 saved_crq.size=818
> > crq_apis: /var/tmp/portage/net-libs/gnutls-3.5.7/work/gnutls-3.5.7/tests/crq_apis.c:452:
> > doit: Assertion `out.size == saved_crq.size' failed.
> > Aborted
> >
> > $ ./crt_apis
> > doit:189: gnutls_x509_crt_set_subject_alt_name: An unimplemented or
> > disabled feature has been requested., -1250


