New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix openssl cert peer validation #2121

Merged
merged 1 commit into from Mar 15, 2018

Conversation

Projects
None yet
3 participants
@marcioapm
Contributor

marcioapm commented Mar 14, 2018

This is for 0.7.32 and is important due to the imminent european GDPR deadline...
The same bug is also present in master.

@wilzbach

This comment has been minimized.

Contributor

wilzbach commented Mar 14, 2018

lastpos should initially be set to -1. If there are no more entries -1 is returned.

From https://linux.die.net/man/3/x509_name_get_index_by_nid

So shouldn't the while loop in general be kept?

@s-ludwig

This comment has been minimized.

Member

s-ludwig commented Mar 15, 2018

Think so, too. AFAICT the mistake is that i is not initialized to -1.

@marcioapm

This comment has been minimized.

Contributor

marcioapm commented Mar 15, 2018

Fixed!

@s-ludwig

This comment has been minimized.

Member

s-ludwig commented Mar 15, 2018

Thanks! I'll merge it to master, too.

@marcioapm

This comment has been minimized.

Contributor

marcioapm commented Mar 15, 2018

This is quite important for GDPR compliance... are you able to do another 0.7.x release?

@s-ludwig s-ludwig merged commit b1e46af into vibe-d:0.7.x Mar 15, 2018

0 of 2 checks passed

continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
@s-ludwig

This comment has been minimized.

Member

s-ludwig commented Mar 15, 2018

are you able to do another 0.7.x release?

Yes, I can do that. If you see any fixes in the change log for the 0.8.2 or 0.8.3 releases that look important, I could possibly merge those, too, to make the release more valuable.

@marcioapm

This comment has been minimized.

Contributor

marcioapm commented Mar 15, 2018

I will have a look and let you know! Thanks Sönke! :)

s-ludwig added a commit that referenced this pull request Mar 15, 2018

@wilzbach

This comment has been minimized.

Contributor

wilzbach commented Mar 15, 2018

I guess this should be tagged as 0.8.4 or 0.8.3-1 then too?

@marcioapm

This comment has been minimized.

Contributor

marcioapm commented Mar 15, 2018

@s-ludwig I found the following commits that would be immediately valuable for us.
I also hope it compiles with latest DMD - we are still on 0.76.1 but thinking about upgrading soon.

important
fix leakage of connections
ab5ebe9

Fix support for outbound SSL w/ SSL1.1.x
4b0466e

good to have
throw useful error message on MongoDB query failures
31281f2

Properly handle TLS disconnects in OpenSSLStream.leastSize.
1c55fb0

Use non-GC memory for MatchGraphBuilder.
e7a0f30

Use small integer types for MatchGraph(Builder) to reduce memory usage.
396400b

good if compatible
Fix closing of user-triggered non-keepalive connections.
2a768b2

Thanks Sönke.

@s-ludwig

This comment has been minimized.

Member

s-ludwig commented Mar 18, 2018

Opened corresponding PRs: #2125, #2126, #2127, #2128, #2129

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment