[Bug 1722411] Re: gnutls28 in trusty no longer validates many valid certificate chains, such as google.com

[Roger Lipscombe]

I'm trying it with the following extra patch:

diff -ruN gnutls28-3.2.11-orig/lib/x509/x509.c gnutls28-3.2.11/lib/x509/x509.c
--- gnutls28-3.2.11-orig/lib/x509/x509.c        2014-01-01 17:14:59.000000000 
+0000
+++ gnutls28-3.2.11/lib/x509/x509.c     2018-01-18 14:52:52.617834001 +0000
@@ -136,6 +136,7 @@
                asn1_delete_structure(&cert->cert);
        gnutls_free(cert->raw_dn.data);
        gnutls_free(cert->raw_issuer_dn.data);
+       gnutls_free(cert->raw_spki.data);
        gnutls_free(cert);
 }
 
@@ -202,6 +203,7 @@
                asn1_delete_structure(&cert->cert);
                _gnutls_free_datum(&cert->raw_dn);
                _gnutls_free_datum(&cert->raw_issuer_dn);
+               _gnutls_free_datum(&cert->raw_spki);
 
                result = asn1_create_element(_gnutls_get_pkix(),
                                             "PKIX1.Certificate",
@@ -252,6 +262,7 @@
                _gnutls_free_datum(&_data);
        _gnutls_free_datum(&cert->raw_dn);
        _gnutls_free_datum(&cert->raw_issuer_dn);
+       _gnutls_free_datum(&cert->raw_spki);
        return result;
 }

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1722411

Title:
  gnutls28 in trusty no longer validates many valid certificate chains,
  such as google.com

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1722411/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs