help-gnutls

Re: Fwd: Re: [oss-security] CVE Request: evolution-data-server lacks SSL


From: Ludwig Nussel
Subject: Re: Fwd: Re: [oss-security] CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Date: Tue, 08 May 2012 15:57:45 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120421 Thunderbird/12.0

Nikos Mavrogiannopoulos wrote:
> On Tue, May 8, 2012 at 2:46 PM, Ludwig Nussel <address@hidden> wrote:
> 
> [...]
>> It supports similar trust settings like NSS though. Check the -addtrust
>> parameter of "openssl x509".
> 
> Are you sure that addtrust doesn't just consult the object identifiers
> present in the certificate?

-addtrust (and -setalias) are independent of the information in the certificate.

crypto/asn1/x_x509a.c:

/* X509_CERT_AUX routines. These are used to encode additional
 * user modifiable data about a certificate. This data is
 * appended to the X509 encoding when the *_X509_AUX routines
 * are used. This means that the "traditional" X509 routines
 * will simply ignore the extra data. 
 */

static X509_CERT_AUX *aux_get(X509 *x);

ASN1_SEQUENCE(X509_CERT_AUX) = {
        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
} ASN1_SEQUENCE_END(X509_CERT_AUX)

IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)


cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 
16746 (AG Nürnberg) 
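
The layout quoted in the message above, as an added example that is not part of the original mail and not OpenSSL's own code: a small DER walker that separates the certificate from the X509_CERT_AUX structure appended after it and lists the trust, reject and alias fields. The sample bytes are constructed (a placeholder SEQUENCE stands in for a real certificate) and the function names are hypothetical.

```python
# Added example (not OpenSSL code): separate a certificate from the X509_CERT_AUX appended to it.
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    subs, val = [], 0
    for b in body:                         # base-128 sub-identifiers, high bit = "more"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)          # first two arcs are packed as 40*a + b
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def oid_list(buf, pos, end):
    out = []
    while pos < end:
        _, vs, pos = read_tlv(buf, pos)
        out.append(decode_oid(buf[vs:pos]))
    return out

def split_trusted(der):
    """Return (certificate_der, aux); aux fields stay empty if nothing is appended."""
    tag, _, cert_end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    aux = {"trust": [], "reject": [], "alias": None}
    if cert_end < len(der):                # bytes after the certificate: X509_CERT_AUX
        _, pos, end = read_tlv(der, cert_end)
        while pos < end:
            tag, vs, ve = read_tlv(der, pos)
            if tag in (0x30, 0xA0):        # trust (SEQUENCE OF) / reject (IMPLICIT [0])
                aux["trust" if tag == 0x30 else "reject"] = oid_list(der, vs, ve)
            elif tag == 0x0C:              # alias (UTF8String); keyid and other are skipped
                aux["alias"] = der[vs:ve].decode("utf-8")
            pos = ve
    return der[:cert_end], aux

# Constructed sample: placeholder "certificate", then trust=serverAuth, reject=emailProtection, alias.
FAKE_CERT = bytes.fromhex("3003020100")
AUX = bytes.fromhex("301e" "300a06082b06010505070301" "a00a06082b06010505070304" "0c0464656d6f")
SAMPLE = FAKE_CERT + AUX
```

The certificate bytes come back untouched, which is the point made in the message: the trust settings sit outside the signed certificate and are local data. For a real file, the input would be the base64-decoded body of a PEM block labelled TRUSTED CERTIFICATE.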


