Re: [openssl.org #2736] [PATCH] Invalid read in i2c_ASN1_BIT_STRING()

2012-02-28 Thread Remi Gacogne
On Mon, 27 Feb 2012, Stephen Henson via RT wrote: OK thanks it works fine now. The cause is rather subtle: when OpenSSL reencodes a BIT STRING it normally preserves the original encoding so this shouldn't happen. However in the case of a BIT STRING inside a Name (X509_NAME) structure it didn't d

Re: [openssl.org #2736] [PATCH] Invalid read in i2c_ASN1_BIT_STRING()

2012-02-28 Thread Remi Gacogne
On Mon, 27 Feb 2012, Remi Gacogne wrote: You're right, I'm sorry, I have mixed it up with another test. This one is the right one. Ok, just checked by downloading the certificate from RT, and it is corrupted again. I can't think of any other way than putting it here : htt

Re: [openssl.org #2736] [PATCH] Invalid read in i2c_ASN1_BIT_STRING()

2012-02-28 Thread Remi Gacogne
Hi, The certificate example you gave seems to be corrupted: the parse rejects it and it never calls i2c_ASN1_BIT_STRING(). You're right, I'm sorry, I have mixed it up with another test. This one is the right one. Thank you for looking into this issue! Regards, Remi Gacogne

Re: [openssl.org #2736] [PATCH] Invalid read in i2c_ASN1_BIT_STRING()

2012-02-27 Thread Remi Gacogne via RT
On Mon, 27 Feb 2012, Stephen Henson via RT wrote: > OK thanks it works fine now. The cause is rather subtle: when OpenSSL > reencodes a BIT STRING it normally preserves the original encoding so > this shouldn't happen. However in the case of a BIT STRING inside a Name > (X509_NAME) structure it di

Re: [openssl.org #2736] [PATCH] Invalid read in i2c_ASN1_BIT_STRING()

2012-02-27 Thread Remi Gacogne via RT
On Mon, 27 Feb 2012, Remi Gacogne wrote: > You're right, I'm sorry, I have mixed it up with another test. > This one is the right one. Ok, just checked by downloading the certificate from RT, and it is corrupted again. I can't think of any other way than putting it here

Re: [openssl.org #2736] [PATCH] Invalid read in i2c_ASN1_BIT_STRING()

2012-02-27 Thread Remi Gacogne via RT
Hi, > The certificate example you gave seems to be corrupted: the parse > rejects it and it never calls i2c_ASN1_BIT_STRING(). You're right, I'm sorry, I have mixed it up with another test. This one is the right one. Thank you for looking into this issue! Regards, Remi Ga

[openssl.org #2737] [PATCH] Double free in PKCS12_parse()

2012-02-26 Thread Remi Gacogne via RT
cleanly against 1.0.1-beta3. Regards, Remi Gacogne   Hi,   This patch fixes a potential double-free in PKCS12_parse() when the ca parameter is not NULL and sk_X509_push() fails, likely under memory pressure. In this case, *cert is freed two times instead of freeing *cert then x.   This patch has

[openssl.org #2736] [PATCH] Invalid read in i2c_ASN1_BIT_STRING()

2012-02-26 Thread Remi Gacogne via RT
an also be remotely triggered by supplying this certificate over the wire to an openssl server or client. The attached patch fixes the problem for openssl 1.0.0g and 1.0.1 beta3. Regards, Remi Gacogne   Hi,   This patch fixes an invalid read in i2c_ASN1_BIT_STRING() when a->data contains an

[PATCH] Double free in PKCS12_parse()

2012-02-26 Thread Remi Gacogne
cleanly against 1.0.1-beta3. Regards, Remi Gacogne --- openssl-1.0.0g-orig/crypto/pkcs12/p12_kiss.c 2009-04-04 15:39:48.0 +0200 +++ openssl-1.0.0g/crypto/pkcs12/p12_kiss.c 2012-02-26 18:08:08.769994161 +0100 @@ -167,7 +167,7 @@ if (cert && *cert) X509_free(*cert); if (x) - X
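Review bot: in the `@@ -167,7 +167,7 @@` hunk of p12_kiss.c, the context line `X509_free(*cert)` leaves `*cert` pointing at freed memory, so a caller that later touches its certificate pointer reaches the same freed object. Consider setting `*cert = NULL` immediately after that free, inside the same `if (cert && *cert)` guard. The excerpt is cut off at the removed line under `if (x)`, so the replacement line itself cannot be checked here.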

[openssl.org #2723] [Patch] Fix NULL pointer dereference in EVP_DigestInit_ex with NULL type

2012-02-19 Thread Remi Gacogne via RT
ak existing code. This patch has been generated against OpenSSL 0.9.8t, but it applies cleanly against 1.0.0g and 1.0.1-beta2. Thank you, Regards, Remi Gacogne   Hi,   This patch fixes a potential NULL pointer dereference in EVP_DigestInit_ex() when type is NULL and somehow ctx->digest

[Patch] Fix NULL pointer dereference in EVP_DigestInit_ex with NULL type

2012-02-19 Thread Remi Gacogne
Hi, This patch fixes a potential NULL pointer dereference in EVP_DigestInit_ex() when type is NULL and somehow ctx->digest is not whereas ctx->engine is. I don't think this is very likely to happen, but still doesn't hurt to fix it, even only in 1.0.1-beta2, as it will not break existing code a