Re: liblber additions

Howard Chu writes:
> as an aside - the fact that GNUtls' certificate DN handling is broken
> is worrisome, since issuer DNs are an integral part of certificate
> path validation. Until we have time to dig deeper into that code and
> patch all the problems, it would be a good idea to avoid using GNUtls.

Sounds to me like it's better to wait for GNUtls to be fixed before
supporting it.  If it's that broken, it seems likely that there are
bugs which you haven't found too, which maybe someone can exploit.
TLS is not something it's nice to expect bugs in...

Or if you need to support it for some reason, maybe don't support
a configure option, just something like
  env ol_cv_use_broken_gnutls ./configure