On Tue, 2016-11-22 at 18:46 +0100, Richard Levitte wrote: > In message > <489af892b16b43ee9a7009ffe52db...@usma1ex-dag1mb1.msg.corp.akamai.com> on > Tue, 22 Nov 2016 17:40:54 +0000, "Salz, Rich" <rs...@akamai.com> said: > > rsalz> > The more interesting part is when it tries to load files it guesses > are raw DER. > rsalz> > rsalz> And this part worries me. I do not think a "security library" should > be guessing. > > It does this by trying to interpret the blob against known ASN.1 > definitions, and will only succeed when there's a complete match. I'm > not terribly worried...
And even if you were, you should be *more* worried about making *applications* do it for themselves :) -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
