Package: glib-networking / 2.58.0-2+deb10u2


Package | Version | Patches format
glib-networking | 2.58.0-2+deb10u2 | 3.0 (quilt)

Patch series

Patch | File delta | Description
Return bad identity error if identity is unset.patch

tls/gnutls/gtlsconnection-gnutls.c | 20 11 + 9 - 0 !
tls/tests/connection.c | 69 69 + 0 - 0 !
2 files changed, 80 insertions(+), 9 deletions(-)

 return bad identity error if identity is unset

When the server-identity property of GTlsClientConnection is unset, the
documentation says we need to fail the certificate verification with
G_TLS_CERTIFICATE_BAD_IDENTITY. This is important because otherwise,
it's easy for applications to fail to specify server identity.

Unfortunately, we did not correctly implement the intended, documented
behavior. When server identity is missing, we check the validity of the
TLS certificate, but do not check if it corresponds to the expected
server (since we have no expected server). Then we assume the identity
is good, instead of returning bad identity, as documented. This means,
for example, that can present a valid certificate issued to, and we would happily accept it for

[smcv: Backport to glib-networking 2.58.x, which didn't have OpenSSL
support or the GTlsConnectionBase base-class]

debian/01_connection_test.patch

tls/tests/ | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 disable "connection" tests

They are flaky and racy on the buildds / test machines.