[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd verifyclient fails on demand



--On Tuesday, April 21, 2015 2:18 AM +0200 Enterprise Spirit <ldaptech+Etherape@kernelbug.org> wrote:

Howard Chu,
If you allow me to ask you something about gnutls directly, do you still
stand behind the statement you made here,
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

i know it's out of date but you said 'the code is fundamentally broken'.
I'm not knowledged about the internals of gnutls but i am very cusious if
you changed your mind since then.

It's funny you ask... There was a spirited debate with one of the GnuTLS author's a while back about this, as they blogged that Howard was incorrect. Howard pointed out on the blog (<http://nmav.gnutls.org/2011/05/is-really-gnutls-considered-harmful.html>) that he was in fact still correct, and gave examples. After which the GnuTLS author deleted the entire conversation off of his blog, and locked it down. That, to me, says worlds about how "safe" one can consider GnuTLS.


--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration