RE: OpenSSL CA as trusted CA in Netscape browser - help

Sat, 18 Dec 1999 03:28:58 -0800 

The situation in Netscape is really not worse than in MS IE, where everybody
can write a piece of code (using standard well-documented Crypto API) doing
exactly the same.
For everybody too lazy to write his/her own code, you can just use "certmgr"
utility coming with Platform SDK:

        certmgr -add <file.cer> -s -r localMachine Root

will add a certificate stored in <file.cer> (which can be a CA certificate)
to the database of trusted root CAs with no questions asked (you need to
have administrative privileges to do this on NT).

So, who said there are security holes in IE? :)

Regards,

Michael.

 -----Original Message-----
From:   Massimiliano Pala [mailto:[EMAIL PROTECTED]] 
Sent:   Fri, 17 December, 1999 12:12
To:     [EMAIL PROTECTED]
Subject:        Re: OpenSSL CA as trusted CA in Netscape browser - help

Anonymous remailer wrote:
> 
> Michael Pogrebisky <[EMAIL PROTECTED]> wrote:
> > We've found a way to add any arbitrary CA certificate into certificate
> > database of Netscape Communicator (on Win32 only) in a way completely
> > transparent to users. I mean, no UI warnings or questions at all.
> > If anyone is interested, I can e-mail the code.
> >
> > P.S. Please, note, this is potentially very dangerous tool!
> >
> > Michael.
> 
> If you'll mail it to anyone who's interested, why not just post
> the code to the list so we can all see it?  Geez.
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

That could be a VERY BIG problem for the Win people because they can not
choose to trust or not the connection: I mean they are not presented with
wornings and so on...

You should report as a bug to the Netscape people.

C'you,

        Massimiliano Pala ([EMAIL PROTECTED])
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to