Re: GnuTLS considered harmful


I know *very* little about C programming but...

Simon Josefsson wrote:

I don't think it is unreasonable for a SAN related API to work with zero-terminated strings. The typical SANs like dNSName, rfc822Name, and uniformResourceIdentifier are human readable strings. Most applications will work with the strings in zero-terminated form.

...having implemented a cert parser in Python I'd like to emphasize that the attitude of "Most applications will work" is for me a real show-stopper for deploying GnuTLS especially regarding possible security issues.

In my project experience I saw so many PKI-enabled software packages crashing while handling even perfectly valid certificates (not to speak of malformed certs issued by some commercial CAs).

Ciao, Michael.
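
An added example, not part of the messages above and not GnuTLS code: SAN values are length-delimited in the certificate, so a wrapper that hands them to zero-terminated code can first check that the C-string view loses nothing. The function name, status codes and sample values are hypothetical, and the printable-ASCII restriction is this example's own policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum san_status { SAN_OK, SAN_EMBEDDED_NUL, SAN_BAD_CHAR, SAN_TOO_LONG };

/* Constructed sample values; sizeof - 1 is the length the decoder reports. */
static const unsigned char san_plain[] = "www.example.org";
static const unsigned char san_nul[] = "www.example.org\0.example.net";

/*
 * Copy a length-delimited SAN value into a zero-terminated buffer only
 * if the C-string view would be identical to the encoded value.
 * Policy assumed here: printable ASCII only (0x20..0x7e).
 */
enum san_status san_to_cstring(const unsigned char *val, size_t len,
                               char *out, size_t outsz)
{
    size_t i;

    if (len >= outsz)            /* need room for the terminator */
        return SAN_TOO_LONG;
    for (i = 0; i < len; i++) {
        if (val[i] == 0x00)
            return SAN_EMBEDDED_NUL;
        if (val[i] < 0x20 || val[i] > 0x7e)
            return SAN_BAD_CHAR;
    }
    memcpy(out, val, len);
    out[len] = '\0';
    return SAN_OK;
}

int main(void)
{
    char buf[64];

    printf("plain: status=%d\n",
           san_to_cstring(san_plain, sizeof san_plain - 1, buf, sizeof buf));
    /* strlen() sees 15 bytes, the certificate encodes 28. */
    printf("nul:   strlen=%zu encoded=%zu status=%d\n",
           strlen((const char *)san_nul), sizeof san_nul - 1,
           san_to_cstring(san_nul, sizeof san_nul - 1, buf, sizeof buf));
    return 0;
}
```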