[openssl-users] Does CVE-2014-3569 apply without the no-ssl3 build option

2014-12-29 Thread Zeke Evans
Is an OpenSSL 1.0.1j build that does not use the no-ssl3 build option still vulnerable to CVE-2014-3569? It seems the SSLv3 handshake to a no-ssl3 application scenario is just one way to exploit this and that the ssl23_get_client_hello function causes this issue for any unsupported or unrecognized

Re: [openssl-users] Why construct so weird certificate chain for one web site

2014-12-29 Thread Jerry OELoo
Thanks Jeffrey & Matt. Now I have one more question: I do not want to make the code use the tlsv1 method and SSL_set_tlsext_host_name to query all websites. I just want to construct tlsv1 and set the SNI name to query the certificate when I encounter this issue. So how can I get this kind of information, o

Re: [openssl-users] Why construct so weird certificate chain for one web site

2014-12-29 Thread Matt Caswell
On 29/12/14 08:32, Jerry OELoo wrote:
> Hi.
> I am using X509_STORE_CTX_get1_chain() to construct certificate chain
> base on local root ca store. Now it works fine.
>
> But when I access this website, https://www.sgetvous.societegenerale.fr/
> I get a very strange result.
>
> Peer cert subject

Re: [openssl-users] Why construct so weird certificate chain for one web site

2014-12-29 Thread Jeffrey Walton
On Mon, Dec 29, 2014 at 3:43 AM, Jeffrey Walton wrote:
> On Mon, Dec 29, 2014 at 3:32 AM, Jerry OELoo wrote:
>> Hi.
>> I am using X509_STORE_CTX_get1_chain() to construct certificate chain
>> base on local root ca store. Now it works fine.
>>
>> But when I access this website, https://www.sgetvou

Re: [openssl-users] Why construct so weird certificate chain for one web site

2014-12-29 Thread Jeffrey Walton
On Mon, Dec 29, 2014 at 3:32 AM, Jerry OELoo wrote:
> Hi.
> I am using X509_STORE_CTX_get1_chain() to construct certificate chain
> base on local root ca store. Now it works fine.
>
> But when I access this website, https://www.sgetvous.societegenerale.fr/
> I get a very strange result.
>
> Peer c

[openssl-users] Why construct so weird certificate chain for one web site

2014-12-29 Thread Jerry OELoo
Hi. I am using X509_STORE_CTX_get1_chain() to construct a certificate chain based on the local root CA store. Now it works fine. But when I access this website, https://www.sgetvous.societegenerale.fr/ I get a very strange result. Peer cert subject[/C=FR/O=GANDI SAS/CN=Gandi Standard SSL CA] depth[1] er