>>> In fact, I thought that was the reason we all
>>> had to wait ages before this long standing shortcoming
>>> was fixed.
>>
>> It almost sounds like you are complaining you did not have to wait ages :)
>
> It's the inconsistency of first insisting this cannot go
> into a patch and then pushing ou
On 10/07/2015 23:03, Jeffrey Walton wrote:
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attac
> During certificate verification, OpenSSL (starting from version 1.0.1n and
> 1.0.2b) will attempt to find an alternative certificate chain if the first
> attempt to build such a chain fails. An error in the implementation of this
> logic can mean that an attacker could cause certain checks on unt
On 09/07/15 22:46, Jakob Bohm wrote:
> On 09/07/2015 15:10, OpenSSL wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> OpenSSL Security Advisory [9 Jul 2015]
>> ===
>>
>> Alternative chains certificate forgery (CVE-2015-1793)
>> ==
On 09/07/2015 15:10, OpenSSL wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSSL Security Advisory [9 Jul 2015]
===
Alternative chains certificate forgery (CVE-2015-1793)
==
Severity: High
During