[gnutls-devel] SSL certificate validation bugs in GnuTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Feb 13 10:25:50 CET 2014

On Thu, Feb 13, 2014 at 9:48 AM, Andy Lutomirski <luto at amacapital.net> wrote:

> This should IMO have a CVE assigned and announcement made.  If I understand
> the issue correctly, this will be widely exploited.
> If this affects verification of client certs, everyone is fscked.

It should have a CVE as it has quite some implications. As of
exploitability I think it depends on whether there are CAs that issue
v1 certificates.
I'll try to make a bug-fix release as soon.


More information about the Gnutls-devel mailing list