Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
Simon Josefsson
simon at josefsson.org
Tue Nov 11 15:55:57 UTC 2008
Michael Meskes <meskes at debian.org> writes:
> On Tue, Nov 11, 2008 at 02:41:39PM +0100, Simon Josefsson wrote:
>> ...
>> and then press Ctrl-D, and cut'n'paste the output? I'm interested to
>> see the certificate chain of the server.
>
> Here we go:
>
> * OK Dovecot ready.
> . STARTTLS
> . OK Begin TLS negotiation now.
> *** Starting TLS handshake
> - Ephemeral Diffie-Hellman parameters
> - Using prime: 1032 bits
> - Secret key: 1016 bits
> - Peer's public key: 1024 bits
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
>
> - Certificate[0] info:
> # The hostname in the certificate does NOT match 'localhost'.

I think we have identified the problem, see:

http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3216/focus=3230

That patch at least solves the vulnerability and the crash, so possibly
it could be uploaded to Debian to avoid further troubles until we have
released a 2.6.2 with a good fix.

/Simon