> On Aug 10, 2017, at 17:04, Jakob Bohm via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > Can anyone point out a real world X.509 framework that gets confused by > a redundant pathlen:0 in a CA:FALSE certificate? (Merely to assess the > seriousness of the issue, given that the certificate was already > revoked).
Yes, the cryptography Python package: https://github.com/pyca/cryptography/issues/3856 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy