lynx-dev

Re: [Lynx-dev] Re. lynx in shmat_ccs12.pdf


From: Thomas Dickey
Subject: Re: [Lynx-dev] Re. lynx in shmat_ccs12.pdf
Date: Mon, 05 Nov 2012 18:22:47 -0500
User-agent: Mutt/1.5.20 (2009-06-14)

On Mon, Nov 05, 2012 at 02:02:25PM +0100, Thorsten Glaser wrote:
> Hi,
> 
> lynx uses OpenSSL by default, and when GnuTLS support for broken
> operating systems was added later, it was done using some sort
> of wrapper.

Something like that.  GnuTLS's emulation of OpenSSL has always been poor,
and when they changed their license to be more restrictive, I wrote a
wrapper (and fixed the bugs in the emulation that I could find).  The
issue here is outside the scope of that emulation.
 
> I added the initial draft of the hostname validation code with
> wildcard support, the proper one for OpenSSL, but am glad for
> your links to better information how to really do it, as I did
> that out of a real need, with only basic OpenSSL-fu, so I’ll
> definitely review that code again.
> 
> Would have been cool for you to report this on the mailing list,
> though… anyway, if you’ve got any more information someone who
> wants/needs to implement a validating SSL client should have,
> it would be very nice to point them out.

It was reported in private email July 30 by the person listed as the
first author on the paper.  I combined my fixes with other stuff in
dev.13 (two weeks later).

The report of course applies to GnuTLS only - which offhand accounts
for something less than half of the users.  The text of the advisory
is misleading since it states "all versions".

-- 
Thomas E. Dickey <address@hidden>
http://invisible-island.net
ftp://invisible-island.net
