[Bug 1714506] Re: libgnutls30 OCSP verification bug

Andy Whitcroft apw at canonical.com
Wed Sep 6 09:50:36 UTC 2017 

Hello largeprime, or anyone else affected,

Accepted gnutls28 into zesty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/gnutls28/3.5.6-4ubuntu4.3 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-zesty to verification-done-zesty. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-zesty. In either case, details of your testing
will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: gnutls28 (Ubuntu Zesty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-zesty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1714506

Title:
  libgnutls30 OCSP verification bug

Status in gnutls28 package in Ubuntu:
  Fix Released
Status in gnutls28 source package in Zesty:
  Fix Committed

Bug description:
  [Impact]

  Applications using GnuTLS fails to verify OSCP, especially when ECDSA
  is involved, which becomes increasingly more popular.

  [Test Case]
  Run "gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net" - it should succeed (hang once connected, basically), but fails the handshake with certificate validation.

  [Regression Potential]
  Only OCSP code is affected by the fixes, so something could possibly break there.

  [Other Info]
  This was fixed in Debian stretch in 3.5.8-5+deb9u3:

  https://anonscm.debian.org/cgit/pkg-
  gnutls/gnutls.git/commit/?h=gnutls28_09_stretch&id=aebb4e1b78758d6395e17a3137f2c67a2fb7a334

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1714506/+subscriptions

More information about the foundations-bugs mailing list