From Mandriva Community Wiki

Information

Package: gnutls
Summary: Library providing a secure layer (SSL)
Description: GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer.

Test Scenarios

Test case 1

GnuTLS comes with a "make check" script that will do most of the testing for us. This should be enabled in the rpm to run during build, and is as of Mandriva 2009.0.

An automated testcase is available that was written to test for the vulnerability noted as CVE-2008-4989. It can also double somewhat as a generic testcase (and could be modified to present a more comprehensive testcase).

Testcase: gnutls/gnutls-CVE-2008-4989-test.sh; View in subversion

Test case 2

Use the gnutls-cli program to connect to an SSL-using service. The example below uses IMAP:

$ gnutls-cli -p 143 localhost -s
Resolving 'localhost'...
Connecting to '127.0.0.1:143'...

- Simple Client Mode:

* OK Dovecot ready.
. STARTTLS
. OK Begin TLS negotiation now.
*** Starting TLS handshake
- Ephemeral Diffie-Hellman parameters
 - Using prime: 1032 bits
 - Secret key: 1016 bits
 - Peer's public key: 1024 bits
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate does NOT match 'localhost'.

In the above the line ". STARTTLS" is a typed command, and when it says "OK", press CTRL-D to get the certificate output. You can also pass the --insecure argument to get more details of the server certificate.

Testing Results

You can report the status of testing, based on the test scenario above, below. Please use the date the test(s) were completed, your name, the status of the test(s) (pass or fail), links to any bugs the tests you ran may have produced, and also note which version(s) of Mandriva Linux were tested.

Search for open bugs against gnutls