The code maintainer has confirmed the bug and added a large text inside
the source code to implement that is insecure for production use.
** Changed in: nghttp2 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscrib
Nowadays we find that in nghttp2-client there exists another bug.
In @src/nghttp.cc:
int HttpClient::initiate_connection()
{
[...]
ssl = SSL_new(ssl_ctx);
[...]
SSL_set_fd(ssl, fd);
SSL_set_connect_state(ssl);
[...]
writefn = &HttpClient::connected;
}
The function initiate
This problem can be closed. Sorry for disturbing you. For some reasons, we do
analysis on Ubuntu 16.04, where the nghttp2 version is 1.7.1 and no
SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb) exists, so we can do a MITM
attack.
We find that in the latest version 1.22.0, this bug has been fixed. Thank for you
Public bug reported:
Hi developers:
We made a large scale security static analysis on several open source
projects, and found some mistakes in dnsval-2.0. In the @libval/valdane.c:743:
int val_dane_check(val_context_t *ctx,SSL *con,struct val_danestatus
*danestatus,int *do_pathval)
Hi Developers:
In @plugins/sslutils.c:164~248, I see you get the certificate and verify
some properties of it. So the plugin is planning to do so? Why not use the
judgement SSL_get_verify_result(ssl) == X509_V_OK to guarantee valid cert
verification?
2017-04-06 17:16 GMT+08:00 Jan Wagner <1677.
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1677493
Title:
no SSL certificate verify
To manage notifications about this bug go to:
http
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677495
Title:
no SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677501
Title:
no SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677506
Title:
incomplete SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677511
Title:
Disabled SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677947
Title:
no SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677518
Title:
Disabled SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677558
Title:
no SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677951
Title:
incomplete SSL certificate verify
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1677958
Title:
no SSL certificate verify
OK. Here is the link:
https://github.com/monitoring-plugins/monitoring-plugins/issues/1479
Thanks.
2017-03-31 22:01 GMT+08:00 Daniel Llewellyn :
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better. The issue you are reporting is an upstream one and it
> would b
According to the OpenSSL documentation, a correct certificate chain validation
pattern is like this:
const SSL_METHOD *method;
SSL_CTX *ctx;
SSL *ssl;
[...]
method = TLSv1_client_method(); //select protocol
[...]
ctx = SSL_CTX_new(method); //Create CTX
[...]
ssl = SSL_new(ctx); //Create SSL
[...]
//set SSL