[Bug 964346] New: gnutls-cli --dane checks not working
http://bugzilla.opensuse.org/show_bug.cgi?id=964346 Bug ID: 964346 Summary: gnutls-cli --dane checks not working Classification: openSUSE Product: openSUSE Tumbleweed Version: 2015* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: bjacke@samba.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- gnutls-cli claims to have the --dane option to check against TLSA records DNSsec, also the man page mentions it but actually that option is silently ignored and even a connection against a server with mising or wrong TLSA record is successful. This is becasue dane support is just working if gnutls is compiled against libunbound. So please, in order to make the dane option really work, compile gnutls with libunbound. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=964346
http://bugzilla.opensuse.org/show_bug.cgi?id=964346#c1
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=964346
http://bugzilla.opensuse.org/show_bug.cgi?id=964346#c7
--- Comment #7 from Bjoern Jacke
https://build.opensuse.org/request/show/357556 Factory / gnutls
Thanks that gnutls-cli version works fine for me. It revealed another permission issue in the unbount-anchor package though, see bug #965037. I hope the DANE enabled gnutls version will make it into upcoming releases. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com