** Description changed: [Impact] - * libgnutls30 fails some types of OSCP verification - - * everybodys doing it - - * https://gitlab.com/gnutls/gnutls/merge_requests/433/commits + Applications using GnuTLS fails to verify OSCP, especially when ECDSA is + involved, which becomes increasingly more popular. [Test Case] + Run gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net it should succeed, but fails the handshake with certificate validation. - * https://gitlab.com/gnutls/gnutls/issues/223 + [Regression Potential] + Only OCSP code is affected by the fixes, so something could possibly break there. - [Regression Potential] + [Other Info] + This was fixed in Debian stretch in 3.5.8-5+deb9u3: - * everybody already did it, so small - - [Other Info] - - * https://anonscm.debian.org/cgit/pkg-gnutls/gnutls.git/commit/?h=gnutls28_09_stretch&id=aebb4e1b78758d6395e17a3137f2c67a2fb7a334 + * https://anonscm.debian.org/cgit/pkg- + gnutls/gnutls.git/commit/?h=gnutls28_09_stretch&id=aebb4e1b78758d6395e17a3137f2c67a2fb7a334
** Description changed: [Impact] Applications using GnuTLS fails to verify OSCP, especially when ECDSA is involved, which becomes increasingly more popular. [Test Case] - Run gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net it should succeed, but fails the handshake with certificate validation. + Run gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net - it should succeed, but fails the handshake with certificate validation. [Regression Potential] Only OCSP code is affected by the fixes, so something could possibly break there. - [Other Info] This was fixed in Debian stretch in 3.5.8-5+deb9u3: - * https://anonscm.debian.org/cgit/pkg- + https://anonscm.debian.org/cgit/pkg- gnutls/gnutls.git/commit/?h=gnutls28_09_stretch&id=aebb4e1b78758d6395e17a3137f2c67a2fb7a334 ** Description changed: [Impact] Applications using GnuTLS fails to verify OSCP, especially when ECDSA is involved, which becomes increasingly more popular. [Test Case] - Run gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net - it should succeed, but fails the handshake with certificate validation. + Run "gnutls-cli -p 443 tvemsnbc-vh.akamaihd.net" - it should succeed (hang once connected, basically), but fails the handshake with certificate validation. [Regression Potential] Only OCSP code is affected by the fixes, so something could possibly break there. [Other Info] This was fixed in Debian stretch in 3.5.8-5+deb9u3: https://anonscm.debian.org/cgit/pkg- gnutls/gnutls.git/commit/?h=gnutls28_09_stretch&id=aebb4e1b78758d6395e17a3137f2c67a2fb7a334
https://bugs.launchpad.net/bugs/1714506 Title: libgnutls30 OCSP verification bug
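Review bot: the [Test Case] in the revised description depends on a live third-party host (tvemsnbc-vh.akamaihd.net) and defines success only as "hang once connected, basically", so a later change on the server side would make the case pass or fail regardless of the installed package. Suggest adding the libgnutls30 version under test and the exact certificate validation error seen before the fix, so a verifier can tell the fix apart from a change on the server. The new [Impact] text also spells the protocol "OSCP" while [Regression Potential] and the bug title use "OCSP"; one spelling throughout would keep the report searchable.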
