Ubuntu
dnsval package

Disabled SSL certificate verify

Bug #1681177 reported by Ruan Linqi on 2017-04-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	dnsval (Ubuntu)	New	Undecided	Unassigned

Bug Description

Hi developers:
      We made a large scale security static analysis on several open source projects, and found some mistakes in dnsval-2.0. In the @libval/valdane.c:743:
   int val_dane_check(val_context_t *ctx,SSL *con,struct val_danestatus *danestatus,int *do_pathval)
  {
       [...]
       switch (dane_cur->usage) {
       [...]
       case DANE_USE_SVC_CONSTRAINT: /*1*/
           cert = SSL_get_peer_certificate(con);
           cert_datalen = i2d_X509(cert, NULL);
       [...]
  }

In this function,you do cert verify . But the API SSL_get_peer_certificate and SSL_get_verify_result do not in the same case.There may exist some problem?

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudnsval package

Disabled SSL certificate verify

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
dnsval package