Public bug reported: [Impact]
Applications using GnuTLS fails to verify OSCP, especially when ECDSA is involved, which becomes increasingly more popular. [Test Case] Run "gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net" - it should succeed (hang once connected, basically), but fails the handshake with certificate validation. [Regression Potential] Only OCSP code is affected by the fixes, so something could possibly break there. [Other Info] This was fixed in Debian stretch in 3.5.8-5+deb9u3: https://anonscm.debian.org/cgit/pkg- gnutls/gnutls.git/commit/?h=gnutls28_09_stretch&id=aebb4e1b78758d6395e17a3137f2c67a2fb7a334 ** Affects: gnutls28 (Ubuntu) Importance: Undecided Status: New ** Tags: gnutls libgnutls30 ocsp tls -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714506 Title: libgnutls30 OCSP verification bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1714506/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
