Re: GnuTLS considered harmful
I know *very* little about C programming but...
Simon Josefsson wrote:
I don't think it is unreasonable for a SAN related API to work with
zero-terminated strings. The typical SAN's like dNSName, rfc822Name,
and uniformResourceIdentifier are human readable strings. Most
applications will work with the strings in zero-terminated form.
...having implemented a cert parser in Python I'd like to
emphasize that the attitude of "Most applications will work" is
for me a real show-stopper for deploying GnuTLS especially
regarding possible security issues.
In my project experience I saw so many PKI-enabled software
packages crashing while handling even perfectly valid certificates
(not to speak of malformed certs issued by some commercial CAs).
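The point under discussion, as an added example that is not part of the original post or of GnuTLS: a SAN dNSName is a length-prefixed DER IA5String (context tag [2], byte 0x82, inside GeneralNames), so its DER length is authoritative and a value may legally contain bytes that a zero-terminated C string reading would stop at. The parser below is a minimal, assumed implementation that handles only short-form lengths; the sample TLV is constructed here, and the function names are mine.

```python
# Added example (not from the mailing-list post or GnuTLS): decode a
# SAN dNSName TLV length-aware and compare with what a consumer that
# treats the value as a zero-terminated string would see.

def parse_der_string(data: bytes, offset: int = 0):
    """Return (tag, value_bytes, next_offset) for a short-form DER TLV.

    Only lengths < 0x80 are handled; that is enough for SAN entries in
    this example and keeps the length rules explicit.
    """
    tag = data[offset]
    length = data[offset + 1]
    if length >= 0x80:
        raise ValueError("long-form lengths not handled in this example")
    start = offset + 2
    end = start + length
    if end > len(data):
        raise ValueError("truncated TLV: length exceeds buffer")
    return tag, data[start:end], end


def as_zero_terminated(value: bytes) -> str:
    """Mimic a caller that receives the value as a zero-terminated string:
    everything after the first NUL byte is silently dropped."""
    return value.split(b"\x00", 1)[0].decode("ascii")


def san_dnsname_or_reject(value: bytes) -> str:
    """Length-aware decoding with a defensive check: a dNSName may never
    contain NUL (it is not valid in a host name), so reject it outright
    instead of letting two consumers disagree about the name."""
    if b"\x00" in value:
        raise ValueError("embedded NUL in dNSName")
    return value.decode("ascii")


def compare_readings(tlv: bytes) -> dict:
    """Parse one SAN TLV and report both readings side by side."""
    tag, value, _ = parse_der_string(tlv)
    try:
        strict = san_dnsname_or_reject(value)
    except ValueError as exc:
        strict = f"rejected: {exc}"
    return {
        "tag": tag,
        "zero_terminated": as_zero_terminated(value),
        "length_aware": strict,
    }


# Constructed sample: dNSName ([2] IMPLICIT IA5String, tag 0x82) whose DER
# length (computed, not hard-coded) covers an embedded NUL byte.
_VALUE_WITH_NUL = b"a.example\x00b.example"
SAMPLE_DNSNAME_WITH_NUL = bytes([0x82, len(_VALUE_WITH_NUL)]) + _VALUE_WITH_NUL

# Constructed sample: an ordinary dNSName with no NUL.
_VALUE_CLEAN = b"host.example"
SAMPLE_DNSNAME_CLEAN = bytes([0x82, len(_VALUE_CLEAN)]) + _VALUE_CLEAN

if __name__ == "__main__":
    print(compare_readings(SAMPLE_DNSNAME_WITH_NUL))
    print(compare_readings(SAMPLE_DNSNAME_CLEAN))
```

The useful property for a reviewer is the disagreement itself: the zero-terminated reading yields `a.example` while the full DER value is something else, which is exactly why an API that returns SAN values only as zero-terminated strings should be paired with a length, or with a rejection of values containing NUL, before the name is compared against anything.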