[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd verifyclient fails on demand

To: Enterprise Spirit <ldaptech+Etherape@kernelbug.org>, Dan White <dwhite@cafedemocracy.org>
Subject: Re: slapd verifyclient fails on demand
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Tue, 21 Apr 2015 08:44:52 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.9.2 edge02.zimbra.com 711A1A625B
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1429631108; bh=ydIsNC4N5iX+t3OOJA2bE1Ildz2Y5cLTJ9IoqPPDu2g=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=iNYhjAFV1BgxP8punVEQhEq6azCIIVLmmvUgpG5CACdVMS3u08iiNZsr8qLT452PI iT6EyFIartBhyXgB54rKkSt6bouYGheXkL+nYDYGCxlBxDOX2ghwG/Lf0o5EMGkCCa 4MI3dIs6WUcFPfzN7zAnMPqYMK6o2WtGuXhahhZM=
In-reply-to: <C82445B29D89053EEEC0F2B5@[192.168.1.9]>
References: <20150420180747.GA10947@kernelbug.org> <20150420194627.GG3802@dan.olp.net> <20150420231821.GB10947@kernelbug.org> <C82445B29D89053EEEC0F2B5@[192.168.1.9]>

--On Tuesday, April 21, 2015 9:26 AM -0700 Quanah Gibson-Mount<quanah@zimbra.com> wrote:

--On Tuesday, April 21, 2015 2:18 AM +0200 Enterprise Spirit
<ldaptech+Etherape@kernelbug.org> wrote:

Howard Chu,
If you allow me to ask you something about gnutls directly, do you still
stand behind the statement you made here,
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

i know it's out of date but you said 'the code is fundamentally broken'.
I'm not knowledged about the internals of gnutls but i am very cusious if
you changed your mind since then.


It's funny you ask... There was a spirited debate with one of the GnuTLS
author's a while back about this, as they blogged that Howard was
incorrect.  Howard pointed out on the blog
(<http://nmav.gnutls.org/2011/05/is-really-gnutls-considered-harmful.html
>) that he was in fact still correct, and gave examples.  After which the
GnuTLS author deleted the entire conversation off of his blog, and locked
it down.  That, to me, says worlds about how "safe" one can consider
GnuTLS.

Ah, apparently I misremembered the location, see:<https://plus.google.com/+HowardChu/posts/RGBXrLTh7oG>


--Quanah

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- slapd verifyclient fails on demand
  - From: "E.therepa" <ldaptech+Etherape@kernelbug.org>
- Re: slapd verifyclient fails on demand
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: slapd verifyclient fails on demand
  - From: Enterprise Spirit <ldaptech+Etherape@kernelbug.org>
- Re: slapd verifyclient fails on demand
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: slapd verifyclient fails on demand
Next by Date: Re: Slapd running very slow
Index(es):
- Chronological
- Thread