[openssl-users] OpenSSL Security Advisory - CVE-2015-1793

R C Delgado rcdelgado05 at gmail.com
Fri Jul 10 12:09:03 UTC 2015


With regards to CVE-2015-1793, I've seen the example in verify_extra_test.c.
How deep does the certificate chain have to be?
If I have 2 self-signed CA certificates, and a non-CA certificate is
received for verification, will this hit the problem?

Also, is it a condition of the bug that both CA certificates have to have
the same subject names and keys, as suggested in the file?

Many thanks for your help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150710/789f01d1/attachment.html>

More information about the openssl-users mailing list