Simon Josefsson simon at
Mon Aug 10 15:55:47 CEST 2009

Tomas Hoger <thoger at> writes:

> Hi Simon!
> Simon Josefsson <simon <at>> writes:
>> Because of the NUL in CN/SAN issue we need to release a stable 2.8.x
>> update quickly.
>> Please test the release candidate:
>> This will be identical with the release unless I hear anything negative.
>> You can also help by reviewing the changes since 2.8.1:
> Is it intentional that 2.8.2 does contain 21bc1439e5, but does not
> contain 9b0dc81885 and c9dba57f8d?  Moreover, is 21bc1439e5 still
> needed with 74b6d92f96 applied?  It seems that if there is NUL,
> GNUTLS_E_ASN1_DER_ERROR is returned earlier or res is passed through
> _gnutls_x509_data2hex() and hence should not contain NULs any more.

You are right.  21bc1439e5 is no longer needed and should not have been
in 2.8.x.  I wonder why the self-tests didn't catch that; by reading the
code it would seem to trigger an out-of-bounds read in some situations.

I'm wondering whether I need to release a 2.8.3 now...  or whether the
out-of-bounds read never happens in the 2.8.x branch for some other

See fixes at:


