[openssl-users] OpenSSL Security Advisory - CVE-2015-1793
R C Delgado
rcdelgado05 at gmail.com
Fri Jul 10 12:09:03 UTC 2015
Hello,
With regards to CVE-2015-1793, I've seen the example in verify_extra_test.c.
How deep does the certificate chain have to be?
If I have 2 self-signed CA certificates, and a non-CA certificate is
received for verification, will this hit the problem?
Also, is it a condition of the bug that both CA certificates have to have
the same subject names and keys, as suggested in the file?
Many thanks for your help.
RCD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150710/789f01d1/attachment.html>
More information about the openssl-users
mailing list