On (13/12/06 09:05), Max Kellermann wrote:
> Package: libgnutls13
> Version: 1.4.4-3
> Tags: patch
>
> When running a service which requests the client to authenticate
> itself with a client certificate, the gnutls server will send the
> wrong CA DNs to the client. This prevents the client from selecting the
> correct certificate.
>
> Instead of providing a list of trusted CA DNs, the gnutls server sends
> a list of their issuers. This violates the SSL protocol specification
> section 5.6.4.
>
> In the most basic setups (in which gnutls might have been tested?),
> this is not a problem, since the client certificate is signed by the
> self-signed root CA, which is by definition its own issuer. In a
> complex real world setup, however, client authentication will not
> work.
>
> I reported this problem to upstream yesterday:
>
> http://lists.gnupg.org/pipermail/gnutls-dev/2006-December/001313.html
>
Hi,

Thanks for your work. I would like to see the response from upstream
before we make any decision for Debian. (Same for the other patch as
well.)

I just wanted to let you know your patches weren't being ignored.

Thanks,

James

--
  James Westby   --   GPG Key ID: B577FE13   --   http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256
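The failure mode described in the quoted report, as an added illustration that is not part of this thread or of GnuTLS: a simplified model of how a client uses the CA DN list in the server's certificate request. The certificate names and the selection rule (pick the first certificate whose issuer DN is in the list) are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str  # DN of the certificate itself
    issuer: str   # DN of the CA that signed it


# Constructed PKI for illustration only.
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")    # self-signed
SUB = Cert("CN=Example Client CA", "CN=Example Root CA")   # intermediate
BOB = Cert("CN=bob", ROOT.subject)     # issued directly by the root
ALICE = Cert("CN=alice", SUB.subject)  # issued by the intermediate
CAROL = Cert("CN=carol", "CN=Unrelated CA")


def advertised_dns(trusted, buggy=False):
    """DNs the server places in the certificate request.

    Correct behaviour lists each trusted CA's own subject DN; the
    reported behaviour lists each trusted CA's issuer DN instead.
    """
    return [ca.issuer if buggy else ca.subject for ca in trusted]


def select_client_cert(available, ca_dns):
    """Assumed client rule: first certificate whose issuer is listed."""
    for cert in available:
        if cert.issuer in ca_dns:
            return cert
    return None


def scenario(trusted, available):
    """Return (selection with correct list, selection with buggy list)."""
    return (select_client_cert(available, advertised_dns(trusted)),
            select_client_cert(available, advertised_dns(trusted, buggy=True)))


if __name__ == "__main__":
    # Root-only trust: subject == issuer, so the bug is invisible.
    print(scenario([ROOT], [CAROL, BOB]))
    # Intermediate trust: the buggy list names the root, not the trusted CA.
    print(scenario([SUB], [BOB, ALICE]))
    print(scenario([SUB], [ALICE]))
```

With only the self-signed root trusted, both lists are identical; once an intermediate CA is trusted, the buggy list steers the client to the wrong certificate or to none.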

