GnuTLS: Big internal bugs, few real-world problems

In GnuTLS’s most recent and perhaps biggest failure to date, Red Hat found that the library, when shown a specially rigged kind of bogus SSL certificate, would fail to see that the certificate was a fake.

The project itself, despite its name, is no longer associated with GNU or GNU/Linux. Its chief designer, Nikos Mavrogiannopoulos, had “a major disagreement with the Free Software Foundation’s (FSF) decisions and practices.” He then made it an independent project.