[openssl-dev] [openssl.org #3665] Bug report and a patch forOpenSSL 1.0.1l (and 1.0.1k)
Uri Blumenthal via RT
rt at openssl.org
Tue Jan 20 03:15:32 UTC 2015
Also, the way I read the current code (crypto/asn1/a_type.c, line 120 - it would (incorrectly) reject a certificate where both algorithms are encoded with absent parameter lists:
if (!a || !b || a->type != b->type) return -1;
I think we all agree that such a certificate would be valid/legal?
--
Uri Blumenthal
uri at mit.edu<mailto:uri at mit.edu>
More information about the openssl-dev
mailing list