Linux.com

Home News Software Applications [$] A Longstanding GnuTLS Certificate Validation Botch

[$] A Longstanding GnuTLS Certificate Validation Botch

Something rather reminiscent of Apple's "goto fail;" bug has been found, but this time it hits rather closer to home for the free software community since it lives in GnuTLS. Certificate validation for SSL/TLS has been under some scrutiny lately, evidently to good effect. But this bug is arguably much worse than Apple's, as it has allowed crafted certificates to evade validation checks for all versions of GnuTLS ever released since that project got started in late 2000.

Read more at LWN

 

 

Comments

Subscribe to Comments Feed

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board