From: Nikos Mavrogiannopoulos
Subject: Re: Certificate expiration not checked by gnutls-cli [GNUTLS-SA-2009-3] [CVE-2009-1417]
Date: Sun, 17 Jan 2010 10:37:31 +0100
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Andreas Metzler wrote:
> Ping?
[...]
>> this test does not work for me with any version of gnutls. There is no
>> "error: certificate has expired" or even "Peer's certificate chain
>> uses expired certificate".

I checked it and it seems that the verification code will stop once a
certificate in the chain is found invalid (that was added to counter some
denial of service attacks). Here gnutls-cli cannot verify the CA
certificate thus stops there and does not move forward to check time for
the actual certificate.

regards,
Nikos
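
The masking effect described in the message above, as an added example that is not part of the original mail and is not GnuTLS code: a simplified model of a chain walk that stops at the first certificate with a problem, so an untrusted CA hides the leaf's expiry. The `Cert` type, `verify_chain`, the problem strings and the sample certificates are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Cert:
    """Constructed stand-in for an X.509 certificate (hypothetical type)."""
    subject: str
    issuer: str
    not_after: datetime

def verify_chain(chain, trusted, now, stop_at_first_failure=True):
    """Walk a leaf-first chain from the CA end down to the leaf.

    Returns a list of (subject, [problems]). With stop_at_first_failure the
    walk ends at the first certificate that has any problem, which is the
    behaviour described in the message above.
    """
    accepted = set(trusted)
    findings = []
    for cert in reversed(chain):
        problems = []
        if cert.issuer not in accepted:
            problems.append("signer not trusted")
        if now > cert.not_after:
            problems.append("expired")
        if problems:
            findings.append((cert.subject, problems))
            if stop_at_first_failure:
                break
        else:
            accepted.add(cert.subject)
    return findings

# Constructed sample data: a valid self-signed test CA and an expired leaf.
NOW = datetime(2010, 1, 17)
CA = Cert("Test CA", "Test CA", datetime(2020, 1, 1))
LEAF = Cert("server.example", "Test CA", datetime(2009, 1, 1))
CHAIN = [LEAF, CA]

if __name__ == "__main__":
    # CA not in the trust list: the walk stops at the CA, expiry is never reported.
    print(verify_chain(CHAIN, trusted=[], now=NOW))
    # CA trusted: the walk reaches the leaf and reports the expiry.
    print(verify_chain(CHAIN, trusted=["Test CA"], now=NOW))
    # No early stop: both problems are visible even without the CA.
    print(verify_chain(CHAIN, trusted=[], now=NOW, stop_at_first_failure=False))
```

In this model, a regression test for expiry reporting only exercises the time check when the test CA is in the trust list, so that the rest of the chain verifies.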