Bug 1250175 - glib-networking reinvents X509 cert chain checking, gets it wrong.
glib-networking reinvents X509 cert chain checking, gets it wrong.
Product: Fedora
Classification: Fedora
Component: glib-networking (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Matthias Clasen
Fedora Extras Quality Assurance
: 1286034 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2015-08-04 12:21 EDT by David Woodhouse
Modified: 2016-04-12 10:04 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-04-12 10:02:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 753260 None None None Never

  None (edit)
Description David Woodhouse 2015-08-04 12:21:40 EDT
Evolution is reporting that our IMAP server has an expired cert. It doesn't; it's just that for some reason glib-networking has reimplemented a bunch of security-sensitive code instead of just using GnuTLS as it should. And has got it wrong.

Full details in upstream bug.
Comment 1 David King 2016-02-29 18:08:17 EST
*** Bug 1286034 has been marked as a duplicate of this bug. ***
Comment 2 Michael Catanzaro 2016-04-12 10:04:42 EDT
(Since we're not currently aware of any security issues in this code affecting current releases, I don't think we need to backport anything here.)

Note You need to log in before you can comment on or make changes to this bug.