Bug 1250175 - glib-networking reinvents X509 cert chain checking, gets it wrong.
Summary: glib-networking reinvents X509 cert chain checking, gets it wrong.
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: glib-networking
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1286034 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-04 16:21 UTC by David Woodhouse
Modified: 2016-04-12 14:04 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-04-12 14:02:56 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNOME Bugzilla 753260 0 None None None 2019-07-25 11:00:09 UTC

Description David Woodhouse 2015-08-04 16:21:40 UTC 
Evolution is reporting that our IMAP server has an expired cert. It doesn't; it's just that for some reason glib-networking has reimplemented a bunch of security-sensitive code instead of just using GnuTLS as it should. And has got it wrong.

Full details in upstream bug.
Comment 1 David King 2016-02-29 23:08:17 UTC 
*** Bug 1286034 has been marked as a duplicate of this bug. ***
Comment 2 Michael Catanzaro 2016-04-12 14:04:42 UTC 
(Since we're not currently aware of any security issues in this code affecting current releases, I don't think we need to backport anything here.)
Note You need to log in before you can comment on or make changes to this bug.