Quadronyx (QDNX) uBlog

http://u.qdnx.org/file/-20150709T192251-3jdy2zw.html

Thinking very hard about switching to another #SSL. From today's #openssl security advisory:

During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This sounds to me like a hopeless code base. It's been patched and patched and patched and with today's complexity is probably worse than any spaghetti code I ever saw when I was a programmer 35-40 years ago. !security

Notices where this attachment appears

  1. benfell


    Thursday, 09-Jul-15 19:19:40 UTC
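
Added example, not part of the original post and not OpenSSL's code: a toy Python model of the rule the quoted advisory refers to, in which the CA flag is checked on every issuing certificate of whichever chain (first attempt or alternative) is finally accepted. Assumptions: signatures are not modelled, certificates link by name only, and all names and sample certificates are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:                      # toy model: no signatures, issuer matched by name
    subject: str
    issuer: str
    is_ca: bool                  # stands in for the basicConstraints CA flag

def candidate_chains(leaf, untrusted, trusted, max_depth=8):
    """Yield each path leaf -> ... -> trust anchor: first attempt, then alternatives."""
    def walk(chain):
        tip = chain[-1]
        for anchor in trusted:
            if anchor.subject == tip.issuer:
                yield chain + [anchor]
        if len(chain) < max_depth:
            for cert in untrusted:
                if cert.subject == tip.issuer and cert not in chain:
                    yield from walk(chain + [cert])
    yield from walk([leaf])

def ca_flags_ok(chain):
    """Every certificate above the leaf acts as an issuer and needs CA=true."""
    return all(cert.is_ca for cert in chain[1:])

def verify(leaf, untrusted, trusted):
    """Return the first candidate chain that passes the check, else None.
    The check runs on every chain considered, alternatives included."""
    for chain in candidate_chains(leaf, untrusted, trusted):
        if ca_flags_ok(chain):
            return chain
    return None

# Constructed sample data (all names are made up for this example).
ROOT = Cert("Root", "Root", True)
INT_OLD = Cert("Int", "OldRoot", True)   # cross-signed by an anchor we do not trust
INT_NEW = Cert("Int", "Root", True)      # same intermediate, issued by ROOT
SITE = Cert("site.example", "Int", False)               # valid leaf, CA=false
FORGED = Cert("victim.example", "site.example", False)  # "issued" by the leaf
POOL = [INT_OLD, INT_NEW, SITE]

if __name__ == "__main__":
    print([c.subject for c in verify(SITE, POOL, [ROOT])])
    print(verify(FORGED, POOL, [ROOT]))
```

The path through INT_OLD dead-ends, so the alternative through INT_NEW is used; the forged certificate is rejected because SITE, sitting in an issuer position, has CA=false.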

Tags for this attachment

  • openssl
  • ssl

Quadronyx (QDNX) uBlog is a microblogging service brought to you by Quadronyx. It runs the StatusNet microblogging software, version 1.1.0-release, available under the GNU Affero General Public License.

All Quadronyx (QDNX) uBlog content and data are available under the Creative Commons Attribution 3.0 license.