[openssl-dev] [openssl.org #1852] Invalid Proxy Certificates Pass Validation

Richard Levitte via RT rt at openssl.org
Wed Jun 29 23:10:19 UTC 2016


On Wed Jun 29 21:16:31 2016, levitte wrote:
> On Mon Jun 20 19:37:41 2016, levitte wrote:
> > On Tue Feb 02 01:44:47 2016, openssl-dev at openssl.org wrote:
> > > On Mon, Feb 01, 2016 at 07:18:04PM +0000, Rich Salz via RT wrote:
> > >
> > > > This is reported against 0.9.x; please open a new ticket if still a
> > > > problem
> > > > with current releases.
> > >
> > > The same behaviour is present in all releases including master.
> > > I don't see any code in OpenSSL that imposes any constraints on
> > > the subject names of proxy certificates.
> > >
> > > If strict adherence to the rules in RFC3820 is important for security
> > > (I don't know where proxy certs are used and what real semantics
> > > applications expect), then this issue remains to be addressed.
> > >
> > > Perhaps reopen this one.
> >
> > This has now been fixed in master, along with a pc pathlength checking
> > bug fix.
> >
> > The backport to 1.0.2 (and possibly 1.0.1) is still pending review.
>
> Fix merged into 1.0.2

... and finally, fix merged into the 1.0.1 branch as well

That closes this ticket.

Cheers,
Richard

--
Richard Levitte
levitte at openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=1852
Please log in as guest with password guest if prompted
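
The subject-name constraint discussed in the quoted thread, as an added example that is not part of the original message and is not OpenSSL's code: RFC 3820 requires a proxy certificate's subject to be its issuer's subject with a single Common Name component appended. The `ava`/`rdn`/`dn` types, the function names and the sample names are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Simplified name model, an assumption of this example (not OpenSSL's
 * X509_NAME): a DN is a list of RDNs, an RDN a list of type=value pairs. */
struct ava { const char *type, *value; };
struct rdn { size_t n; const struct ava *avas; };
struct dn  { size_t n; const struct rdn *rdns; };

static int rdn_equal(const struct rdn *a, const struct rdn *b)
{
    if (a->n != b->n)
        return 0;
    for (size_t i = 0; i < a->n; i++)   /* plain string compare, no canonicalisation */
        if (strcmp(a->avas[i].type, b->avas[i].type) != 0 ||
            strcmp(a->avas[i].value, b->avas[i].value) != 0)
            return 0;
    return 1;
}

/* Returns 1 if subject is the issuer's subject plus exactly one single-valued CN RDN. */
int proxy_subject_ok(const struct dn *issuer, const struct dn *subject)
{
    if (subject->n != issuer->n + 1)
        return 0;
    for (size_t i = 0; i < issuer->n; i++)
        if (!rdn_equal(&issuer->rdns[i], &subject->rdns[i]))
            return 0;
    const struct rdn *last = &subject->rdns[issuer->n];
    return last->n == 1 && strcmp(last->avas[0].type, "CN") == 0;
}

/* Constructed sample names. */
static const struct ava ORG = {"O", "Example"}, ALICE = {"CN", "alice"},
    MALLORY = {"CN", "mallory"}, PROXY = {"CN", "proxy-1"},
    MULTI[] = {{"CN", "proxy-1"}, {"OU", "admins"}};
static const struct rdn EEC[] = {{1, &ORG}, {1, &ALICE}};
static const struct rdn GOOD[] = {{1, &ORG}, {1, &ALICE}, {1, &PROXY}};
static const struct rdn SWAPPED[] = {{1, &ORG}, {1, &MALLORY}, {1, &PROXY}};
static const struct rdn MULTIVAL[] = {{1, &ORG}, {1, &ALICE}, {2, MULTI}};
const struct dn eec = {2, EEC}, good = {3, GOOD}, swapped = {3, SWAPPED},
    multival = {3, MULTIVAL};

int main(void)
{
    printf("good=%d swapped=%d multival=%d\n", proxy_subject_ok(&eec, &good),
           proxy_subject_ok(&eec, &swapped), proxy_subject_ok(&eec, &multival));
    return 0;
}
```

A real verifier would compare names in their canonical encoded form rather than with `strcmp`, and would apply this check at every proxy link in the chain.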


