Fwd: Re: [oss-security] CVE Request: evolution-data-server lacks SSL checking in its libsoup users
Ludwig Nussel
ludwig.nussel at suse.de
Tue May 8 15:57:45 CEST 2012
Nikos Mavrogiannopoulos wrote:
> On Tue, May 8, 2012 at 2:46 PM, Ludwig Nussel <ludwig.nussel at suse.de> wrote:
>
> [...]
>> It supports similar trust settings like NSS though. Check the -addtrust
>> parameter of "openssl x509".
>
> Are you sure that addtrust doesn't just consult the object identifiers
> present in the certificate?
-addtrust (and -setalias) are independent of the information in the certificate.
crypto/asn1/x_x509a.c:

/* X509_CERT_AUX routines. These are used to encode additional
 * user modifiable data about a certificate. This data is
 * appended to the X509 encoding when the *_X509_AUX routines
 * are used. This means that the "traditional" X509 routines
 * will simply ignore the extra data.
 */

static X509_CERT_AUX *aux_get(X509 *x);

ASN1_SEQUENCE(X509_CERT_AUX) = {
    ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
    ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
    ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
    ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
    ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
} ASN1_SEQUENCE_END(X509_CERT_AUX)

IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)

cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
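
Added example (not part of the original message and not OpenSSL code): a small DER walker that separates the plain X.509 encoding from the X509_CERT_AUX trailer quoted above and lists its trust and reject OIDs. The function names are hypothetical, and SAMPLE is a constructed byte string whose "certificate" is a placeholder SEQUENCE, not a real certificate.

```python
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets to dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def oid_list(buf, start, end):
    oids = []
    while start < end:
        _, vs, ve = read_tlv(buf, start)
        oids.append(decode_oid(buf[vs:ve]))
        start = ve
    return oids

def split_trusted(der):
    """Return (certificate_der, aux) where aux holds trust/reject OIDs."""
    _, _, cert_end = read_tlv(der, 0)  # first TLV is the certificate itself
    aux = {"trust": [], "reject": []}
    if cert_end < len(der):  # anything after it is the X509_CERT_AUX SEQUENCE
        _, pos, aux_end = read_tlv(der, cert_end)
        while pos < aux_end:
            tag, vs, ve = read_tlv(der, pos)
            if tag == 0x30:    # trust: SEQUENCE OF OBJECT
                aux["trust"] = oid_list(der, vs, ve)
            elif tag == 0xA0:  # reject: [0] IMPLICIT SEQUENCE OF OBJECT
                aux["reject"] = oid_list(der, vs, ve)
            pos = ve  # alias, keyid and other are skipped
    return der[:cert_end], aux

# Constructed sample: placeholder "certificate", then trust=serverAuth,
# reject=emailProtection.
SAMPLE = bytes.fromhex("3003020100" "3018"
                       "300a06082b06010505070301" "a00a06082b06010505070304")
```

For real input, pass the base64-decoded body of a "BEGIN TRUSTED CERTIFICATE" PEM block; the first returned value is the part a parser unaware of the trailer would read as the certificate.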