Bug 1286034 - glib-networking reimplements certificate verification and it shouldn't
Status: CLOSED DUPLICATE of bug 1250175
Product: Fedora
Classification: Fedora
Component: glib-networking
Assigned To: Matthias Clasen
QA Contact: Fedora Extras Quality Assurance
Duplicates: 1246492 1284655
Reported: 2015-11-27 05:02 EST by Nikos Mavrogiannopoulos
Modified: 2016-02-29 18:08 EST
Doc Type: Bug Fix
Last Closed: 2016-02-29 18:08:17 EST
Type: Bug
External Trackers: GNOME Desktop 753260 (Priority: None, Status: None, Summary: None, Last Updated: Never)

Description Nikos Mavrogiannopoulos 2015-11-27 05:02:16 EST
Description of problem:
glib-networking re-implements certificate verification instead of using the crypto library's certificate verification. There were reasons for this reimplementation but in the long run we get more issues from that than benefits (see duplicates of this bug). There is not much point in enhancing the glib's verification code as it would be duplicating existing code and most likely it will remain unmaintained code which will not follow new approaches in cert verification or CA/B requirements (e.g., name constraints, usage of trust module, etc.).

For that we should convert that code to use the crypto library's (gnutls) verification code, and open RFEs for any features that may be missing.
Comment 1 Nikos Mavrogiannopoulos 2015-11-27 05:02:45 EST
*** Bug 1284655 has been marked as a duplicate of this bug. ***
Comment 2 Nikos Mavrogiannopoulos 2015-11-27 05:03:35 EST
*** Bug 1246492 has been marked as a duplicate of this bug. ***
Comment 3 Hubert Kario 2015-11-27 06:27:18 EST
Using custom code also means that this certificate validation code is completely missed when cryptographic libraries are tested and audited.
Comment 4 Jan Kurik 2016-02-24 09:03:11 EST
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.

More information and reason for this action is here:
Comment 5 David King 2016-02-29 18:08:17 EST

*** This bug has been marked as a duplicate of bug 1250175 ***
