Package: glib-networking / 2.58.0-2+deb10u2
Patch seriesview the series file
|Return bad identity error if identity is unset.patch | (download)||
return bad identity error if identity is unset When the server-identity property of GTlsClientConnection is unset, the documentation sasy we need to fail the certificate verification with G_TLS_CERTIFICATE_BAD_IDENTITY. This is important because otherwise, it's easy for applications to fail to specify server identity. Unfortunately, we did not correctly implement the intended, documented behavior. When server identity is missing, we check the validity of the TLS certificate, but do not check if it corresponds to the expected server (since we have no expected server). Then we assume the identity is good, instead of returning bad identity, as documented. This means, for example, that evil.com can present a valid certificate issued to evil.com, and we would happily accept it for paypal.com. [smcv: Backport to glib-networking 2.58.x, which didn't have OpenSSL support or the GTlsConnectionBase base-class] Bug: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
|debian/01_connection_test.patch | (download)||
2 0 + 2 - 0 !
disable "connection" tests They are flaky and racy on the buildds / test machines.