tack wrote: > Any application that makes use of OpenSSL's ASN1 library to parse > untrusted data. This includes all SSL or TLS applications, those using > S/MIME (PKCS#7) or certificate generation routines.
ASN1, for those of you who don't know, is an *encoding format* a giant, bloated, debacle of an encoding format. Some day people will wake up and realize that ease of implementation is a security issue. -Bram _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
