oss-sec mailing list archives
Re: CVE Request: libesmtp does not check NULL bytes in commonName
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 17 Mar 2010 14:32:58 +0100
ArkanoiD wrote:
And according to the draft we MUST ignore non-leaf value even if it is the only one CN, just incorrectly placed.
Many self-signed certificates seem to have an email address as leaf RDN. I guess that's because openssl's CA.sh asks for the mail address. So with that additional constraint the scary warning dialogs for self-signed certs are going to be even more confusing in the future. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- Re: CVE Request: libesmtp does not check NULL bytes in commonName, (continued)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Peter Sylvester (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Geoff Keating (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 11)