GnuTLS CVE-2009-2730 Patches

Simon Josefsson simon at josefsson.org
Thu Aug 20 16:18:46 CEST 2009


Btw, I just notice a problem with RedHat's patch, it appears to break
OpenPGP connections:

gnutls-cli -p 5556 test.gnutls.org --priority NORMAL:+CTYPE-OPENPGP:-CTYPE-X509

I get an error:

- The hostname in the certificate does NOT match 'test.gnutls.org'

But this is incorrect, the names do match.

Please test if that command works on your versions, otherwise you will
need this patch too:

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=9eed44b4ef9538117cc134956b32bc8fd39534fd

I'll write a self-test to check this regression too.

/Simon





More information about the Gnutls-devel mailing list