Bug#402863: [Pkg-gnutls-maint] Bug#402863: gnutls server requests wrong DNs from the client
James Westby
jw+debian at jameswestby.net
Sun Dec 17 21:10:58 CET 2006
On (13/12/06 09:05), Max Kellermann wrote:
> Package: libgnutls13
> Version: 1.4.4-3
> Tags: patch
>
> When running a service which requests the client to authenticate
> itself with a client certificate, the gnutls server will send the
> wrong CA DNs to the client. This prevents the client from selecting the
> correct certificate.
>
> Instead of providing a list of trusted CA DNs, the gnutls server sends
> a list of their issuers. This violates the SSL protocol specification
> section 5.6.4.
>
> In the most basic setups (in which gnutls might have been tested?),
> this is not a problem, since the client certificate is signed by the
> self-signed root CA, which is by definition its own issuer. In a
> complex real world setup, however, client authentication will not
> work.
>
> I reported this problem to upstream yesterday:
>
> http://lists.gnupg.org/pipermail/gnutls-dev/2006-December/001313.html
>
Hi,

Thanks for your work. I would like to see the response from upstream
before we make any decision for Debian. (Same for the other patch as
well.)

I just wanted to let you know your patches weren't being ignored.

Thanks,

James
--
James Westby -- GPG Key ID: B577FE13 -- http://jameswestby.net/
seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256
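
The mismatch described in the quoted report, as an added example that is not part of the original thread or of GnuTLS: a simplified Python model in which a certificate is reduced to its subject and issuer DNs. The client policy (match each certificate's direct issuer against the advertised list) and all names and DNs are assumptions constructed for illustration.

```python
from collections import namedtuple

# A certificate reduced to the two fields that matter here (constructed model).
Cert = namedtuple("Cert", "subject issuer")

def advertised_correct(trusted_cas):
    """CA list as the report says it should be: the trusted CAs' own DNs."""
    return [ca.subject for ca in trusted_cas]

def advertised_buggy(trusted_cas):
    """CA list as the report describes the bug: the DNs of the CAs' issuers."""
    return [ca.issuer for ca in trusted_cas]

def select_client_cert(client_certs, advertised_dns):
    """Assumed client policy: first certificate whose issuer DN is advertised."""
    for cert in client_certs:
        if cert.issuer in advertised_dns:
            return cert
    return None

# Constructed DNs and certificates.
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")         # self-signed
CLIENT_CA = Cert("CN=Example Client CA", "CN=Example Root CA")  # intermediate
ALICE_ROOT = Cert("CN=alice (issued by root)", ROOT.subject)
ALICE_SUB = Cert("CN=alice (issued by client CA)", CLIENT_CA.subject)

def run_scenarios():
    results = {}
    # Basic setup: server trusts the self-signed root, so subject == issuer
    # and the buggy list is indistinguishable from the correct one.
    results["basic_buggy"] = select_client_cert([ALICE_ROOT], advertised_buggy([ROOT]))
    # Server trusts only the intermediate; the buggy list names the root instead.
    results["sub_correct"] = select_client_cert([ALICE_SUB], advertised_correct([CLIENT_CA]))
    results["sub_buggy"] = select_client_cert([ALICE_SUB], advertised_buggy([CLIENT_CA]))
    # A client holding both certificates is steered to the one that was not
    # issued by the CA the server actually trusts.
    both = [ALICE_ROOT, ALICE_SUB]
    results["both_correct"] = select_client_cert(both, advertised_correct([CLIENT_CA]))
    results["both_buggy"] = select_client_cert(both, advertised_buggy([CLIENT_CA]))
    return results

if __name__ == "__main__":
    for name, cert in run_scenarios().items():
        print(f"{name:13} -> {cert.subject if cert else 'no matching certificate'}")
```
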