List: oss-security
Subject: Re: [oss-security] CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification
From: Marc Deslauriers <marc.deslauriers () canonical ! com>
Date: 2012-04-30 23:34:48
Message-ID: 1335828888.2997.17.camel () mdlinux
On Tue, 2012-04-24 at 12:04 +0200, Ludwig Nussel wrote:
> Hi,
>
> libsoup 2.32.2 does not verify certificates at all if an application does
> not explicitly specify a file with trusted root CAs. Since that libsoup
> version relies on the verification failure to clear the trust flag it
> always considers ssl connections as trusted in that case.
>
> Reference:
> https://bugzilla.novell.com/show_bug.cgi?id=758431
>
Here is an upstream bug about the issue.
https://bugzilla.gnome.org/show_bug.cgi?id=666280
Marc.
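
The fail-open pattern reported in this thread, modelled next to a fail-closed form. This is an added example, not part of the original messages and not libsoup's code; the struct, function names and sample values are hypothetical, and certificate verification is reduced to an issuer-name comparison.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model and sample inputs: a certificate is reduced to its
 * issuer name, and the CA file to the one issuer name it contains. */
struct peer_cert { const char *issuer; };
const struct peer_cert GOOD_CERT = { "Example Root CA" };
const struct peer_cert ROGUE_CERT = { "Unknown Issuer" };
const char *const CA_FILE_ISSUER = "Example Root CA";

/* Hypothetical stand-in for chain verification against the CA file. */
static bool verify_against_ca(const struct peer_cert *cert, const char *ca)
{
    return cert != NULL && strcmp(cert->issuer, ca) == 0;
}

/* Fail-open: the flag starts set and only a failed verification clears it.
 * With no CA configured (ca == NULL) no verification runs at all. */
bool trusted_fail_open(const struct peer_cert *cert, const char *ca)
{
    bool trusted = true;
    if (ca != NULL && !verify_against_ca(cert, ca))
        trusted = false;
    return trusted;
}

/* Fail-closed: the flag starts cleared and is set only by a verification
 * that actually ran and succeeded. */
bool trusted_fail_closed(const struct peer_cert *cert, const char *ca)
{
    bool trusted = false;
    if (ca != NULL && verify_against_ca(cert, ca))
        trusted = true;
    return trusted;
}

int main(void)
{
    printf("no CA,  rogue cert: open=%d closed=%d\n",
           trusted_fail_open(&ROGUE_CERT, NULL), trusted_fail_closed(&ROGUE_CERT, NULL));
    printf("CA set, rogue cert: open=%d closed=%d\n",
           trusted_fail_open(&ROGUE_CERT, CA_FILE_ISSUER), trusted_fail_closed(&ROGUE_CERT, CA_FILE_ISSUER));
    return 0;
}
```

The two forms agree whenever a CA is configured; they differ only in the unconfigured case, which is the one the report describes.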