A mighty fortress is our PKI
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jul 23 09:36:55 EDT 2010
Looks like the CDN certificate is already causing security problems, although
not the kind that I was expecting:

    While trying to import a server certificate for a CDN service, a segv bug
    was found in [PKI app]. It is likely that this bug is exploitable by
    sending a special crafted signed message and having a user verify the
    signature.

Hmm, I wonder if this particular certificate happened to be one with 107
subjectAltName entries?

    Description

    Importing a certificate with more than 98 Subject Alternate Names via import
    command or implicitly while verifying a signature causes [...].

Yup :-). So if nothing else it's a good stress test for your certificate-
parsing code...
Peter.
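
The kind of stress test suggested above, as an added example (not code from the post or from the affected application): a bounds-checked walk over a constructed GeneralNames value with 107 dNSName entries. The 98-slot table (`MAX_SAN`) and all function names are assumptions for illustration; the advisory's elided text does not say how the application stores the names.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_SAN 98  /* assumed table capacity, set to the limit quoted in the advisory */
typedef unsigned char u8;
struct san { const u8 *name; size_t len; };

/* Read a DER tag and definite length; 0 on success, -1 if it overruns the buffer. */
static int hdr(const u8 **p, const u8 *end, u8 *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    size_t n = *(*p)++;
    if (n & 0x80) {                          /* long form: 1 or 2 length bytes */
        size_t k = n & 0x7f;
        if (k < 1 || k > 2 || (size_t)(end - *p) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *(*p)++;
    }
    *len = n;
    return (size_t)(end - *p) < n ? -1 : 0;  /* content must fit in what is left */
}

/* Walk GeneralNames; store at most cap dNSNames, return total seen or -1. */
int parse_san(const u8 *der, size_t n, struct san *out, size_t cap)
{
    const u8 *p = der, *end = der + n;
    u8 tag; size_t len; int total = 0;
    if (hdr(&p, end, &tag, &len) || tag != 0x30) return -1;
    for (end = p + len; p < end; p += len) {
        if (hdr(&p, end, &tag, &len)) return -1;
        if (tag != 0x82) continue;           /* only [2] dNSName is collected */
        if ((size_t)total < cap) { out[total].name = p; out[total].len = len; }
        total++;                             /* count past cap, never write past it */
    }
    return total;
}

/* Constructed test input: GeneralNames holding n dNSName entries. */
size_t build_san(u8 *buf, size_t n)
{
    u8 *p = buf + 4;                         /* room for 30 82 hh ll */
    for (size_t i = 0; i < n; i++, p += 2 + p[1]) {
        p[0] = 0x82;
        p[1] = (u8)sprintf((char *)p + 2, "h%03zu.example.test", i);
    }
    size_t body = (size_t)(p - buf) - 4;
    buf[0] = 0x30; buf[1] = 0x82; buf[2] = (u8)(body >> 8); buf[3] = (u8)body;
    return body + 4;
}
```

A return value larger than the table capacity tells the caller that names were dropped, so it can reject the certificate or allocate more room instead of writing past the array.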
---------------------------------------------------------------------
The Cryptography Mailing List