[gnutls-devel] An (historical) heartbeat.c issue more relevant to Heartbleed

Peter Dettman peter.dettman at bouncycastle.org
Sat Apr 12 09:40:18 CEST 2014


On 12/04/2014 2:00 PM, Nikos Mavrogiannopoulos wrote:
> So it seems that these versions of gnutls are usable/broken in respect 
> to heartbeats, and if anyone would have used this broken version of 
> gnutls to debug openssl heartbeats he may have uncovered the bug :) 
> regards, Nikos 

Yes, I did have the same thought, but left it out of my post, which was 
already in danger of sounding accusatory.

I got as far as implementing the structures from RFC 6520 in 
BouncyCastle, in late June of last year, but never got around to 
actually implementing the protocol. I certainly would have tested 
against openssl (as usual), but would I have "asked the right questions"?

Pete.




More information about the Gnutls-devel mailing list