Red Hat Bugzilla – Bug 1286034
glib-networking reimplements certificate verification and it shouldn't
Last modified: 2016-02-29 18:08:17 EST
Description of problem:
glib-networking re-implements certificate verification instead of using the crypto library's certificate verification. There were reasons for this reimplementation but in the long run we get more issues from that than benefits (see duplicates of this bug). There is not much point in enhancing the glib's verification code as it would be duplicating existing code and most likely it will remain unmaintained code which will not follow new approaches in cert verification or CA/B requirements (e.g., name constraints, usage of trust module, etc.).
For that we should convert that code to use the crypto library's (gnutls) verification code, and open RFEs for any features that may be missing.
*** Bug 1284655 has been marked as a duplicate of this bug. ***
*** Bug 1246492 has been marked as a duplicate of this bug. ***
Using custom code also means that this certificate validation code is completely missed when cryptographic libraries are tested and audited.
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.
More information and reason for this action is here:
*** This bug has been marked as a duplicate of bug 1250175 ***