[gnutls-devel] SSL certificate validation bugs in GnuTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Feb 13 10:25:50 CET 2014


On Thu, Feb 13, 2014 at 9:48 AM, Andy Lutomirski <luto at amacapital.net> wrote:

> This should IMO have a CVE assigned and announcement made.  If I understand
> the issue correctly, this will be widely exploited.
> If this affects verification of client certs, everyone is fscked.

It should have a CVE as it has quite some implications. As for
exploitability, I think it depends on whether there are CAs that issue
v1 certificates.
I'll try to make a bug-fix release soon.

regards,
Nikos


