Fix openssl cert peer validation #2121

Merged
merged 1 commit into from Mar 15, 2018

Contributor

@marcioapm marcioapm commented Mar 14, 2018

This is for 0.7.32 and is important due to the imminent European GDPR deadline...
The same bug is also present in master.

Member

@wilzbach wilzbach commented Mar 14, 2018

> lastpos should initially be set to -1. If there are no more entries -1 is returned.

From https://linux.die.net/man/3/x509_name_get_index_by_nid

So shouldn't the while loop in general be kept?

Member

@s-ludwig s-ludwig commented Mar 15, 2018

Think so, too. AFAICT the mistake is that i is not initialized to -1.
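
The lookup contract quoted above, shown as an added example that is not part of this pull request or of vibe.d's code. `get_index_by_nid`, the `entry` struct and the `NID_*` constants are constructed stand-ins that model the documented behaviour of `X509_NAME_get_index_by_NID`, and the start value 0 for the unfixed loop is an assumption (D default-initializes `int` to 0).

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an X509_NAME: an ordered list of typed entries.
   NID_O / NID_CN are hypothetical constants, not OpenSSL's NID values. */
enum { NID_O = 1, NID_CN = 2 };
struct entry { int nid; const char *value; };

/* Models the documented contract: the search starts at lastpos + 1 and
   returns the matching index, or -1 when there are no more entries. */
static int get_index_by_nid(const struct entry *name, int count, int nid, int lastpos)
{
    if (lastpos < 0) lastpos = -1;
    for (int i = lastpos + 1; i < count; i++)
        if (name[i].nid == nid) return i;
    return -1;
}

/* Walks every CN entry and reports whether one equals the expected peer name.
   start is the initial lastpos: -1 visits all entries, 0 never looks at entry 0.
   The exact string compare stands in for real hostname matching. */
static int cn_matches(const struct entry *name, int count, const char *peer, int start)
{
    int i = start;
    while ((i = get_index_by_nid(name, count, NID_CN, i)) >= 0)
        if (strcmp(name[i].value, peer) == 0) return 1;
    return 0;
}

/* Constructed subjects: CN as the only entry, and CN after another entry. */
static const struct entry cn_first[] = { { NID_CN, "example.test" } };
static const struct entry cn_last[]  = { { NID_O, "Example Org" },
                                         { NID_CN, "example.test" } };

int main(void)
{
    printf("CN at index 0, start -1: %d\n", cn_matches(cn_first, 1, "example.test", -1));
    printf("CN at index 0, start  0: %d\n", cn_matches(cn_first, 1, "example.test", 0));
    printf("CN at index 1, start  0: %d\n", cn_matches(cn_last, 2, "example.test", 0));
    return 0;
}
```

With a start value of 0 the loop only fails when the CN is the first entry of the subject, so a test certificate whose subject begins with another attribute would not expose the problem.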

@marcioapm marcioapm force-pushed the marcioapm:fix_openssl_cert_peer_validation branch from c3e0acc to 32370d9 Mar 15, 2018
Contributor Author

@marcioapm marcioapm commented Mar 15, 2018

Fixed!

Member

@s-ludwig s-ludwig commented Mar 15, 2018

Thanks! I'll merge it to master, too.

Contributor Author

@marcioapm marcioapm commented Mar 15, 2018

This is quite important for GDPR compliance... are you able to do another 0.7.x release?

@s-ludwig s-ludwig merged commit b1e46af into vibe-d:0.7.x Mar 15, 2018
0 of 2 checks passed
continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
continuous-integration/travis-ci/pr The Travis CI build is in progress
Member

@s-ludwig s-ludwig commented Mar 15, 2018

> are you able to do another 0.7.x release?

Yes, I can do that. If you see any fixes in the change log for the 0.8.2 or 0.8.3 releases that look important, I could possibly merge those, too, to make the release more valuable.

Contributor Author

@marcioapm marcioapm commented Mar 15, 2018

I will have a look and let you know! Thanks Sönke! :)

s-ludwig added a commit that referenced this pull request Mar 15, 2018
Member

@wilzbach wilzbach commented Mar 15, 2018

I guess this should be tagged as 0.8.4 or 0.8.3-1 then too?

Contributor Author

@marcioapm marcioapm commented Mar 15, 2018

@s-ludwig I found the following commits that would be immediately valuable for us.
I also hope it compiles with latest DMD - we are still on 0.76.1 but thinking about upgrading soon.

important
fix leakage of connections
ab5ebe9

Fix support for outbound SSL w/ SSL1.1.x
4b0466e

good to have
throw useful error message on MongoDB query failures
31281f2

Properly handle TLS disconnects in OpenSSLStream.leastSize.
1c55fb0

Use non-GC memory for MatchGraphBuilder.
e7a0f30

Use small integer types for MatchGraph(Builder) to reduce memory usage.
396400b

good if compatible
Fix closing of user-triggered non-keepalive connections.
2a768b2

Thanks Sönke.

Member

@s-ludwig s-ludwig commented Mar 18, 2018

Opened corresponding PRs: #2125, #2126, #2127, #2128, #2129
