libgnutls30 OCSP verification bug
Bug #1714506 reported by
largeprime
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnutls28 (Ubuntu) |
Fix Released
|
High
|
Julian Andres Klode | ||
Zesty |
Fix Released
|
High
|
Julian Andres Klode |
Bug Description
[Impact]
Applications using GnuTLS fails to verify OSCP, especially when ECDSA is involved, which becomes increasingly more popular.
[Test Case]
Run "gnutls-cli -p 443 tvemsnbc-
[Regression Potential]
Only OCSP code is affected by the fixes, so something could possibly break there.
[Other Info]
This was fixed in Debian stretch in 3.5.8-5+deb9u3:
description: | updated |
description: | updated |
description: | updated |
Changed in gnutls28 (Ubuntu): | |
importance: | Undecided → High |
status: | New → Triaged |
status: | Triaged → In Progress |
assignee: | nobody → Julian Andres Klode (juliank) |
Changed in gnutls28 (Ubuntu Zesty): | |
importance: | Undecided → High |
status: | New → Triaged |
assignee: | nobody → Julian Andres Klode (juliank) |
Changed in gnutls28 (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in gnutls28 (Ubuntu Zesty): | |
status: | Triaged → In Progress |
To post a comment you must log in.
JFTR: xenial is not affected, I assume older versions are not either.