Jostein Tveit wrote:
Goetz Babin-Ebell <[EMAIL PROTECTED]> writes:
is the NISCC test suite that found the ASN.1 bugs in OpenSSL somewhere available ?
This was the answer I got when I contacted NISCC some days after the ASN.1
bug was discovered:
: NISCC has a policy of only releasing the test-suite to recognised
: developers of products that provide SSL/TLS services and therefore may be
: vulnerable to the generic problems discovered. Unfortunately this means
: that we will not be able to release the material to you.
:-(
Aren't you (Goetz) or your employer developers of products that provide SSL/TLS services? If yes, the problem should only be the verb "recognised". In your place i would try contacting NISCC directly.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
