[Bug 1714506] Re: libgnutls30 OCSP verification bug

Launchpad Bug Tracker 1714506 at bugs.launchpad.net
Mon Sep 4 14:55:26 UTC 2017


This bug was fixed in the package gnutls28 - 3.5.8-6ubuntu3

---------------
gnutls28 (3.5.8-6ubuntu3) artful; urgency=medium

  * Cherry pick several fixes from Debian 3.5.8-5+deb9u3:
    - 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch
      38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from
      gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa
      signatures. LP: #1714506
    - 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
      upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and
      decryption on aarch64. LP: #1707172

 -- Julian Andres Klode <juliank at ubuntu.com>  Sat, 02 Sep 2017 16:12:49 +0200

** Changed in: gnutls28 (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1714506

Title:
  libgnutls30 OCSP verification bug

Status in gnutls28 package in Ubuntu:
  Fix Released
Status in gnutls28 source package in Zesty:
  In Progress

Bug description:
  [Impact]

  Applications using GnuTLS fail to verify OCSP, especially when ECDSA
  is involved, which becomes increasingly more popular.

  [Test Case]
  Run "gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net" - it should succeed (hang once connected, basically), but fails the handshake with certificate validation.

  [Regression Potential]
  Only OCSP code is affected by the fixes, so something could possibly break there.

  [Other Info]
  This was fixed in Debian stretch in 3.5.8-5+deb9u3:

  https://anonscm.debian.org/cgit/pkg-gnutls/gnutls.git/commit/?h=gnutls28_09_stretch&id=aebb4e1b78758d6395e17a3137f2c67a2fb7a334

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1714506/+subscriptions


