Ryan Lovett wrote:
> I'm sure the gnutls folks would welcome your bug reports about its security
> and stability.

Howard Chu did an analysis and discussed that with gnutls developers 
since OpenLDAP users reported crashes when using LDAP with SSL. I'm not 
feeling comfortable with what he found out:

http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

More related postings:
http://www.openldap.org/lists/openldap-devel/200802/msg00100.html
Well, assuming a single-valued subjectAltName extension is simply naive.

I'm aware of Debian's licensing paranoia regarding OpenSSL. But 
deploying an X.509 lib which is not capable of handling widely used 
X.509v3 extensions safely is not a solution either.

I'm not a C programmer. But I wrote an X.509 cert parser in Python myself, 
running it through a collection of several hundred weirdly formatted 
certs when testing. So I know what you have to expect when doing this.

Ciao, Michael.
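
The multi-valued subjectAltName point in the message above, as an added example that is not part of the original post and is not code from gnutls, OpenLDAP or python-ldap: a bounds-checked Python walk over a DER-encoded GeneralNames value that returns every entry instead of assuming one. The helper names and the sample extension bytes are constructed for illustration.

```python
import ipaddress

# GeneralName context tags (RFC 5280) that this example decodes.
NAME_TYPES = {0x81: "rfc822Name", 0x82: "dNSName", 0x86: "URI", 0x87: "iPAddress"}

def read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos), bounds-checked."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_subject_alt_name(ext_value):
    """Return every (type, value) pair in a DER GeneralNames, not just the first."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("subjectAltName must be exactly one SEQUENCE")
    names, pos = [], 0
    while pos < len(body):  # SEQUENCE OF GeneralName: loop until the body is consumed
        tag, value, pos = read_tlv(body, pos)
        kind = NAME_TYPES.get(tag, "unsupported(0x%02x)" % tag)
        if kind == "iPAddress":
            if len(value) not in (4, 16):
                raise ValueError("iPAddress must be 4 or 16 octets")
            text = str(ipaddress.ip_address(value))
        elif kind.startswith("unsupported"):
            text = value.hex()  # keep unknown name forms visible instead of dropping them
        else:
            text = value.decode("ascii")  # IA5String; non-ASCII bytes raise ValueError
        names.append((kind, text))
    return names

def _tlv(tag, value):  # helper used only to build the constructed sample below
    return bytes([tag, len(value)]) + value

# Constructed sample: one extension value carrying four names of three kinds.
SAMPLE_SAN = _tlv(0x30, _tlv(0x82, b"ldap.example.org") + _tlv(0x82, b"ldap2.example.org")
                  + _tlv(0x87, bytes([192, 0, 2, 10])) + _tlv(0x81, b"admin@example.org"))
```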
