curl-library
CVE-2013-4545 and GnuTLS backend
Date: Fri, 29 Nov 2013 14:49:28 -0500
Hello,
I was just looking at the patch for CVE-2013-4545
(http://curl.haxx.se/docs/adv_20131115.html), and I believe the GnuTLS backend
has the same problem.
In lib/gnutls.c:
In gtls_connect_step3():
  if(data->set.ssl.verifypeer) {
    <snip>
  }
  else {
    infof(data, "\t server certificate verification SKIPPED\n");
    goto after_server_cert_verification;
  }
  <snip>
  rc = gnutls_x509_crt_check_hostname(x509_cert, conn->host.name);
  if(!rc) {
    if(data->set.ssl.verifyhost) {
      failf(data, "SSL: certificate subject name (%s) does not match "
            "target host name '%s'", certbuf, conn->host.dispname);
      gnutls_x509_crt_deinit(x509_cert);
      return CURLE_PEER_FAILED_VERIFICATION;
    }
  <snip>
  after_server_cert_verification:
  <snip>
This either needs to be fixed, or if the backend doesn't support it, the
curl_easy_setopt documentation needs to be updated.
Thanks,
Marc.
Received on 2013-11-29
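
The control flow in the excerpt above, reduced to a stand-alone C model (an added example, not part of the original post and not curl or GnuTLS code): with verifypeer off, the goto skips the hostname comparison, so verifyhost is never consulted. The names struct tls_opts, cert_matches_host, step3_as_quoted and step3_independent are hypothetical, the hostname match is a plain string comparison, and the second function is one possible arrangement that keeps the two options independent.

```c
/* Added model of the quoted control flow; not curl or GnuTLS code.
 * struct tls_opts, cert_matches_host and step3_* are hypothetical names. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum result { OK = 0, PEER_FAILED_VERIFICATION = 1 };

struct tls_opts {
  bool verifypeer; /* models data->set.ssl.verifypeer */
  bool verifyhost; /* models data->set.ssl.verifyhost */
};

/* Stand-in for gnutls_x509_crt_check_hostname(): nonzero on match.
 * Exact comparison only; real matching also handles wildcards and SANs. */
static int cert_matches_host(const char *cert, const char *host)
{
  return strcmp(cert, host) == 0;
}

/* Flow as quoted: with verifypeer off, the goto skips the hostname check. */
enum result step3_as_quoted(const struct tls_opts *o, const char *cert, const char *host)
{
  if(!o->verifypeer)
    goto after_server_cert_verification;
  /* certificate chain verification would run here */
  if(!cert_matches_host(cert, host) && o->verifyhost)
    return PEER_FAILED_VERIFICATION;
after_server_cert_verification:
  return OK;
}

/* Alternative flow: verifyhost is honoured regardless of verifypeer. */
enum result step3_independent(const struct tls_opts *o, const char *cert, const char *host)
{
  /* chain verification would run here only when o->verifypeer is set */
  if(o->verifyhost && !cert_matches_host(cert, host))
    return PEER_FAILED_VERIFICATION;
  return OK;
}

int main(void)
{
  struct tls_opts o = { false, true }; /* constructed: peer off, host on */
  printf("as quoted: %d, independent: %d\n",
         step3_as_quoted(&o, "other.example", "www.example"),
         step3_independent(&o, "other.example", "www.example"));
  return 0;
}
```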