[openssl-dev] [openssl.org #1852] Invalid Proxy Certificates Pass Validation

Richard Levitte via RT rt at openssl.org
Wed Jun 29 21:16:31 UTC 2016


On Mon Jun 20 19:37:41 2016, levitte wrote:
> On Tue Feb 02 01:44:47 2016, openssl-dev at openssl.org wrote:
> > On Mon, Feb 01, 2016 at 07:18:04PM +0000, Rich Salz via RT wrote:
> >
> > > This is reported against 0.9.x; please open a new ticket if still a
> > > problem
> > > with current releases.
> >
> > The same behaviour is present in all releases including master.
> > I don't see any code in OpenSSL that imposes any constraints on
> > the subject names of proxy certificates.
> >
> > If strict adherence to the rules in RFC3820 is important for security
> > (I don't know where proxy certs are used and what real semantics
> > applications expect), then this issue remains to be addressed.
> >
> > Perhaps reopen this one.
>
> This has now been fixed in master, along with a pc pathlength checking
> bug fix.
>
> The backport to 1.0.2 (and possibly 1.0.1) is still pending review.

Fix merged into 1.0.2

Cheers,
Richard

--
Richard Levitte
levitte at openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1852
Please log in as guest with password guest if prompted
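
The RFC 3820 naming rule the thread refers to (section 3.4: a proxy certificate's subject must be its issuer's name with a single Common Name component appended), as an added example that is not part of the original messages and is not OpenSSL's code. Names are modelled as lists of RDNs compared by exact match, which is a simplification; the function names and sample DNs are constructed for illustration.

```python
# Added illustration, not OpenSSL code. A distinguished name is a list of
# RDNs; each RDN is a list of (attribute_type, value) pairs.

def check_proxy_subject(issuer_subject, proxy_subject):
    """Return None if proxy_subject is issuer_subject plus one single-valued
    CN RDN (RFC 3820 section 3.4), else a description of the violation."""
    if len(proxy_subject) != len(issuer_subject) + 1:
        return "subject must have exactly one RDN more than the issuer"
    # Assumption: exact comparison; a real verifier compares canonical forms.
    if proxy_subject[:-1] != issuer_subject:
        return "subject prefix does not match the issuer name"
    appended = proxy_subject[-1]
    if len(appended) != 1:
        return "appended RDN must be single-valued"
    if appended[0][0] != "CN":
        return "appended RDN must be a Common Name"
    return None


def check_proxy_chain(eec_subject, proxy_subjects):
    """Walk a chain EEC -> PC1 -> PC2 ... and collect (depth, violation)."""
    violations = []
    issuer = eec_subject
    for depth, subject in enumerate(proxy_subjects, start=1):
        problem = check_proxy_subject(issuer, subject)
        if problem is not None:
            violations.append((depth, problem))
        issuer = subject  # the next proxy must extend this name
    return violations


# Constructed sample names.
EEC = [[("O", "Example Grid")], [("CN", "alice")]]
PC1 = EEC + [[("CN", "1234567")]]
PC2 = PC1 + [[("CN", "89")]]
# A proxy signed by alice that names a different identity.
FORGED = [[("O", "Example Grid")], [("CN", "bob")], [("CN", "proxy")]]
# Appended component is not a CN, or carries more than one attribute.
WRONG_TYPE = EEC + [[("OU", "proxy")]]
MULTI_VALUED = EEC + [[("CN", "proxy"), ("OU", "ops")]]

if __name__ == "__main__":
    print(check_proxy_chain(EEC, [PC1, PC2]))
    for bad in (FORGED, WRONG_TYPE, MULTI_VALUED, EEC):
        print(check_proxy_subject(EEC, bad))
```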


