Your message dated Tue, 10 Feb 2009 07:29:12 +0100
with message-id <49911eb8.7080...@debian.org>
and subject line Re: isakmpd: Does not properly check the return value of
X509_verify
has caused the Debian Bug report #513534,
regarding isakmpd: Does not properly check the return value of X509_verify
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
513534: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513534
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: isakmpd
Severity: serious
Tags: security
Hi,
I was looking at return codes for applications making use of
openssl functions and found this in x509.c:
if (X509_verify(cert, key) == -1) {
log_print("x509_cert_validate: self-signed cert is bad");
return 0;
}
X509_verify returns the value of the ASN1_item_verify() call
which normally returns 0 if the verification failed,
but can also return -1 for some other error cases.
I have no idea what this code is used for or what the
consequences of this are.
Kurt
--- End Message ---
--- Begin Message ---
Hi
This doesn't seem to be a bug as explained by the maintainer, so I'm
closing it.
Cheers
Luk
--- End Message ---
