[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GnuTLS considered harmful

To: "Howard Chu" <hyc@symas.com>
Subject: Re: GnuTLS considered harmful
From: "Gavin Henry" <ghenry@suretecsystems.com>
Date: Sat, 16 Feb 2008 21:55:27 -0000 (GMT)
Cc: OpenLDAP Devel <openldap-devel@openldap.org>
Importance: Normal
In-reply-to: <47B751BF.8010103@symas.com>
Openpgp: id=796B1E87DB73BEA8
References: <47B751BF.8010103@symas.com>
User-agent: SquirrelMail/1.4.13-1.fc8

<quote who="Howard Chu">
> The recent trouble in ITS#5361 prompted me to look into the GnuTLS code a
> little deeper. It turns out that their corresponding
> set_subject_alt_name()
> API only takes a char * pointer as input, without a corresponding length.
> As
> such, this API will only work for string-form alternative names, and will
> typically break with IP addresses and other alternatives.
>
> Looking across more of their APIs, I see that the code makes liberal use
> of
> strlen and strcat, when it needs to be using counted-length data blobs
> everywhere. In short, the code is fundamentally broken; most of its
> external
> and internal APIs are incapable of passing binary data without mangling
> it.
> The code is completely unsafe for handling binary data, and yet the nature
> of
> TLS processing is almost entirely dependent on secure handling of binary
> data.
>
> I strongly recommend that GnuTLS not be used. All of its APIs would need
> to be
> overhauled to correct its flaws and it's clear that the developers there
> are
> too naive and inexperienced to even understand that it's broken.

So that means OpenLDAP on Debian is still not recommended if you don't
compile your own OpenSSL and OpenLDAP.

Follow-Ups:
- Re: GnuTLS considered harmful
  - From: Howard Chu <hyc@symas.com>

References:
- GnuTLS considered harmful
  - From: Howard Chu <hyc@symas.com>

Prev by Date: GnuTLS considered harmful
Next by Date: Re: GnuTLS considered harmful
Index(es):
- Chronological
- Thread