[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: liblber additions

To: Howard Chu <hyc@symas.com>
Subject: Re: liblber additions
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Fri, 16 Feb 2007 23:43:26 +0100
Cc: OpenLDAP-devel@openldap.org
In-reply-to: <45D5372A.7070607@symas.com>
References: <45D5372A.7070607@symas.com>

Howard Chu writes:
> as an aside - the fact that GNUtls' certificate DN handling is broken
> is worrisome, since issuer DNs are an integral part of certificate
> path validation. Until we have time to dig deeper into that code and
> patch all the problems, it would be a good idea to avoid using GNUtls.

Sounds to me like it's better to wait for GNUtls to be fixed before
supporting it.  If it's that broken, it seems likely that there are
bugs which you haven't found too, which maybe someone can exploit.
TLS is not something one it's nice to expecet bugs in...

Or if you need to support if for some reason, maybe don't support
a configure option, just something like
  env ol_cv_use_broken_gnutls ./configure

-- 
Regards,
Hallvard

References:
- liblber additions
  - From: Howard Chu <hyc@symas.com>

Prev by Date: liblber additions
Next by Date: openldap-2.4.3alpha available
Index(es):
- Chronological
- Thread