[Date Prev][Date Next]
Re: GnuTLS considered harmful
On Sat, Feb 16, 2008 at 01:12:31PM -0800, Howard Chu wrote:
> The recent trouble in ITS#5361 prompted me to look into the GnuTLS
> code a little deeper. It turns out that their corresponding
> set_subject_alt_name() API only takes a char * pointer as input,
> without a corresponding length. As such, this API will only work for
> string-form alternative names, and will typically break with IP
> addresses and other alternatives.
Has this been pointed out to the GnuTLS developers? Or is your
frustration level too high :)
We have an interest in delivering OpenLDAP w/GnuTLS so anything to
make GnuTLS better is something we'd like to see happen.
albert chin (firstname.lastname@example.org)