[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Lynx-dev] lynx 2.8.9dev3 does not check certificate expiration
|
From: |
Andreas Metzler |
|
Subject: |
[Lynx-dev] lynx 2.8.9dev3 does not check certificate expiration |
|
Date: |
Sat, 24 Jan 2015 16:26:35 +0100 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Hello,
lynx 2.8.9dev3 (GnuTLS) invokes gnutls_certificate_verify_peers2() but
does not use/check all error flags. e.g. certificate expiration is not
checked. <https://bugs.debian.org/745835>. Find attached a patch
against 2.8.9dev3 to change the respective code to simply check for
/any/ error and use gnutls_certificate_verification_status_print() to
print what exactly failed. This follows the example in upstream's
documentation
<http://www.gnutls.org/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html#Simple-client-example-with-X_002e509-certificate-support>.
The respective function was added in GnuTLS 3.1.4 (released in
November 2012).
Please doublecheck, I am not a programmer by profession.
thanks, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
25_use_status_print.diff
Description: Text Data
- [Lynx-dev] lynx 2.8.9dev3 does not check certificate expiration,
Andreas Metzler <=