bug report / asn1 parse error

Nikos Mavroyanopoulos nmav at hellug.gr
Sun Oct 7 14:47:02 CEST 2001


On Sat, 6 Oct 2001 17:16:07 -0700 Neil Spring <nspring at saavie.org> wrote:

> Hi;
> I sent the messages below to bug-gnutls at gnu.org as
> recommended on the gnutls web page, but had them rejected
> from being forwarded to gnutls-dev at gnupg.org because it
> is automatically bcc'd (or some such lackluster sendmail
> magic).
I'll look at it.

> In order for a gnutls-linked program to interoperate with a
> server using an openssl generated certificate (e.g. those
> ssl daemons currently in Debian) the asn1 parser has to be
> modified to use a larger buffer when processing extensions.
> More robust solutions than simply increasing the size of
> the stack-allocated buffer would be to ignore extensions
> that are too long, or allocate space to store them
> dynamically.
I've modified the extension parsing function to ignore (non-critical)
extensions that are too long. Currently this is enough since the
extensions we support should not be that long.

> I'd appreciate it if such a change can be made before 
> the next release.
I've done the change, and it is on the cvs. Thank you for debugging and 
reporting this. 

The next version will be available when I add the DHE_RSA
ciphersuite (that will be soon).

> thanks,
> -neil

-- 
Nikos Mavroyanopoulos
mailto:nmav at hellug.gr
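
An added example, not part of the original message and not GnuTLS code: a sketch of the fix described above, where an extension value is length-checked before it is copied into a fixed-size buffer and an oversized non-critical extension is skipped. All names, the 64-byte limit and the sample input are hypothetical; rejecting an oversized critical extension is this example's assumption, following the X.509 rule that a critical extension which cannot be processed invalidates the certificate.

```c
#include <stddef.h>
#include <string.h>

#define MAX_EXT_VALUE 64 /* assumed size; not the value GnuTLS uses */

enum ext_result { EXT_REJECTED = -1, EXT_STORED = 0, EXT_IGNORED = 1 };

/* Hypothetical types: one already-decoded extension, and its fixed-size copy. */
struct ext_in { const unsigned char *value; size_t value_len; int critical; };
struct ext_out { unsigned char value[MAX_EXT_VALUE]; size_t value_len; };

/* Check the length before copying; an oversized value is never copied. */
enum ext_result store_extension(const struct ext_in *in, struct ext_out *out)
{
    if (in->value_len > sizeof out->value)
        return in->critical ? EXT_REJECTED : EXT_IGNORED;
    memcpy(out->value, in->value, in->value_len);
    out->value_len = in->value_len;
    return EXT_STORED;
}

/* out[] must hold n entries. Returns the number stored, or -1 to reject. */
int process_extensions(const struct ext_in *exts, size_t n, struct ext_out *out)
{
    int stored = 0;
    for (size_t i = 0; i < n; i++) {
        enum ext_result r = store_extension(&exts[i], &out[stored]);
        if (r == EXT_REJECTED)
            return -1; /* critical extension we cannot process */
        if (r == EXT_STORED)
            stored++;
    }
    return stored;
}

/* Constructed input: small critical, oversized non-critical, oversized critical. */
int demo(size_t n)
{
    static const unsigned char small[4] = { 0x30, 0x02, 0x05, 0x00 };
    static const unsigned char big[200] = { 0 };
    const struct ext_in exts[3] = {
        { small, sizeof small, 1 }, { big, sizeof big, 0 }, { big, sizeof big, 1 },
    };
    struct ext_out out[3];
    return process_extensions(exts, n <= 3 ? n : 3, out);
}

int main(void) { return (demo(2) == 1 && demo(3) == -1) ? 0 : 1; }
```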



