Python's SSL module (built on OpenSSL) would improperly handle null bytes in
the SubjectAltName field domain name, deferring the validation code to other
fields. This has been patched on their end, but may be indicative of a bug in
OpenSSL. The unpatched code used OpenSSL's GENERAL_NAME_print()
On Tue Dec 03 21:35:13 2013, afels...@cisco.com wrote:
However, I'm uncertain as to how appropriate is this use
of GENERAL_NAME_print(). Is the intent of this function to be used
for purposes like this, or is it intended more for human-readable
output, or something else entirely?
The outputs
Thank you. That clarifies things.
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, December 03, 2013 3:51 PM
To: Andrew Felsher (afelsher)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3188] Bug Report Null bytes in SubjectAltName mishandled