Changeset 5513f3e


Timestamp:
2011-12-24T14:52:35Z (7 years ago)
Author:
Wilmer van der Gaast <wilmer@…>
Branches:
master
Children:
96f954d
Parents:
200e151
Message:

Fix compatibility with old GnuTLS versions, but with a warning. See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417 for details.

Files:
2 edited

  • configure

    r200e151 r5513f3e  
    283283EOF
    284284                ssl=gnutls
     285                if ! pkg-config gnutls --atleast-version=2.8; then
     286                        echo
     287                        echo 'Warning: With GnuTLS versions <2.8, certificate expire dates are not verified.'
     288                fi
    285289                ret=1
    286290        elif libgnutls-config --version > /dev/null 2> /dev/null; then
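Review bot: The version warning is emitted only inside the pkg-config branch (new lines 285-288); the `elif libgnutls-config --version` fallback right below it shows no equivalent check in these lines, so a build that detects an old GnuTLS through that path would get no warning at all. Consider running the version test after detection so both paths are covered. The message also mentions only expiry dates, while the matching change in lib/ssl_gnutls.c puts the not-yet-activated check under the same guard, so the wording should cover both validity dates.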
  • lib/ssl_gnutls.c

    r200e151 r5513f3e  
    166166                verifyret |= VERIFY_CERT_INSECURE_ALGORITHM;
    167167
     168#ifdef GNUTLS_CERT_NOT_ACTIVATED
     169        /* Amusingly, the GnuTLS function used above didn't check for expiry
     170           until GnuTLS 2.8 or so. (See CVE-2009-1417) */
    168171        if( status & GNUTLS_CERT_NOT_ACTIVATED )
    169172                verifyret |= VERIFY_CERT_NOT_ACTIVATED;
     
    171174        if( status & GNUTLS_CERT_EXPIRED )
    172175                verifyret |= VERIFY_CERT_EXPIRED;
     176#endif
    173177
    174178        /* The following check is already performed inside
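Review bot: The guard `#ifdef GNUTLS_CERT_NOT_ACTIVATED` at new line 168 only works if the GnuTLS headers provide that name as a preprocessor macro; if it is declared as an enum constant, the preprocessor never sees it and both the NOT_ACTIVATED and EXPIRED checks are compiled out on every GnuTLS version, not just the old ones. Guarding on a symbol that configure defines from its `--atleast-version=2.8` test would be safer and would keep the two files in agreement. Separately, when the block is compiled out nothing at run time indicates that certificate validity dates go unchecked, so an `#else` branch that logs this once would make the degraded mode visible beyond the configure output.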