On Mon, Nov 05, 2012 at 02:02:25PM +0100, Thorsten Glaser wrote:
> Hi,
>
> lynx uses OpenSSL by default, and when GnuTLS support for broken
> operating systems was added later, it was done using some sort
> of wrapper.

something like that. GnuTLS's emulation of OpenSSL has always been poor, and when they changed their license to be more restrictive, I wrote a wrapper (and fixed the bugs in the emulation that I could find). The issue here is outside the scope of that emulation.

> I added the initial draft of the hostname validation code with
> wildcard support, the proper one for OpenSSL, but am glad for
> your links to better information how to really do it, as I did
> that out of a real need, with only basic OpenSSL-fu, so I’ll
> definitely review that code again.
>
> Would have been cool for you to report this on the mailing list,
> though… anyway, if you’ve got any more information someone who
> wants/needs to implement a validating SSL client should have,
> it would be very nice to point them out.

It was reported in private email July 30 by the person listed as the first author on the paper. I combined my fixes with other stuff in dev.13 (two weeks later). The report of course applies to GnuTLS only - which offhand accounts for something less than half of the users. The text of the advisory is misleading since it states "all versions".

-- 
Thomas E. Dickey <[email protected]>
http://invisible-island.net
ftp://invisible-island.net
_______________________________________________
Lynx-dev mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/lynx-dev
