[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GnuTLS considered harmful

On Sat, Feb 16, 2008 at 01:12:31PM -0800, Howard Chu wrote:
> The recent trouble in ITS#5361 prompted me to look into the GnuTLS
> code a little deeper. It turns out that their corresponding
> set_subject_alt_name() API only takes a char * pointer as input,
> without a corresponding length. As such, this API will only work for
> string-form alternative names, and will typically break with IP
> addresses and other alternatives.

Has this been pointed out to the GnuTLS developers? Or is your
frustration level too high :)

We have an interest in delivering OpenLDAP w/GnuTLS so anything to
make GnuTLS better is something we'd like to see happen.

albert chin (china@thewrittenword.com)