help-gnutls

Re: GnuTLS considered harmful


From: Nikos Mavrogiannopoulos
Subject: Re: GnuTLS considered harmful
Date: Sun, 30 May 2010 11:54:34 +0200
User-agent: Thunderbird 2.0.0.24 (X11/20100411)

Stephane Bortzmeyer wrote:
> As far as I know, this rant has never been discussed here:
> 
> http://www.openldap.org/lists/openldap-devel/200802/msg00072.html
> 
> [...] I strongly recommend that GnuTLS not be used. All of its APIs
> would need to be overhauled to correct its flaws [...]

It's a rant. As far as I remember he was referring to a single function
that had an issue in gnutls and generalized it. His generalized claims
were not true back then and are not true now. His claim about the given
function was true and was fixed in later versions.

I believe he got confused by the ASN.1 library API that uses strings to
refer to positions on the PKIX1 schema, such as "PKIX1.GeneralTime". For
those fixed-size strings we use string functions, and this might confuse
someone just doing grep on the code and not familiar with the API.

regards,
Nikos


