[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] Re. lynx in shmat_ccs12.pdf

From: Thomas Dickey
Subject: Re: [Lynx-dev] Re. lynx in shmat_ccs12.pdf
Date: Mon, 05 Nov 2012 18:22:47 -0500
User-agent: Mutt/1.5.20 (2009-06-14)

On Mon, Nov 05, 2012 at 02:02:25PM +0100, Thorsten Glaser wrote:
> Hi,
> lynx uses OpenSSL by default, and when GnuTLS support for broken
> operating systems was added later, it was done using some sort
> of wrapper.

something like that.  GnuTLS's emulation of OpenSSL has always been poor,
and when they changed their license to be more restrictive, I wrote a
wrapper (and fixed the bugs in the emulation that I could find).  The
issue here is outside the scope of that emulation.
> I added the initial draft of the hostname validation code with
> wildcard support, the proper one for OpenSSL, but am glad for
> your links to better information how to really do it, as I did
> that out of a real need, with only basic OpenSSL-fu, so I’ll
> definitely review that code again.
> Would have been cool for you to report this on the mailing list,
> though… anyway, if you’ve got any more information someone who
> wants/needs to implement a validating SSL client should have,
> it would be very nice to point them out.

It was reported in private email July 30 by the person listed as the
first author on the paper.  I combined my fixes with other stuff in
dev.13 (two weeks later).

The report of course applies to GnuTLS only - which offhand accounts
for something less than half of the users.  The text of the advisory
is misleading since it states "all versions".

Thomas E. Dickey <address@hidden>

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]