Looks like the CDN certificate is already causing security problems, although not the kind that I was expecting:

  While trying to import a server certificate for a CDN service, a segv bug was found in [PKI app]. It is likely that this bug is exploitable by sending a special crafted signed message and having a user verify the signature.

Hmm, I wonder if this particular certificate happened to be one with 107 subjectAltName entries?

  Description

  Importing a certificate with more than 98 Subject Alternate Names via import command or implicitly while verifying a signature causes [...].

Yup :-). So if nothing else it's a good stress test for your certificate-parsing code...

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
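A regression test along the lines the post suggests, as an added example (not code from the post or from the affected application): it builds a GeneralNames value with an arbitrary number of dNSName entries and walks it with every length checked against the remaining input and no fixed-size table. The function names and the hostname `host.example` are assumptions, and only the subjectAltName value is handled, not a full certificate.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a BER/DER length at buf[*pos]; 0 on success, -1 if truncated or unsupported. */
static int der_len(const uint8_t *buf, size_t n, size_t *pos, size_t *out) {
    if (*pos >= n) return -1;
    uint8_t b = buf[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }
    size_t k = b & 0x7f;
    if (k == 0 || k > 2 || n - *pos < k) return -1;  /* this sketch caps lengths at 65535 */
    *out = 0;
    while (k--) *out = (*out << 8) | buf[(*pos)++];
    return 0;
}

/* Count dNSName ([2], tag 0x82) entries in a GeneralNames SEQUENCE.
 * Returns -1 on malformed input; the count is never limited by a table size. */
long count_dns_names(const uint8_t *buf, size_t n) {
    size_t pos = 0, len;
    if (n < 2 || buf[pos++] != 0x30) return -1;
    if (der_len(buf, n, &pos, &len) || len != n - pos) return -1;
    long count = 0;
    while (pos < n) {
        uint8_t tag = buf[pos++];
        if (der_len(buf, n, &pos, &len) || len > n - pos) return -1;
        if (tag == 0x82) count++;
        pos += len;
    }
    return count;
}

/* Build a constructed test input with `entries` dNSName values.
 * Uses the two-byte long-form length, which is minimal (DER) once the body
 * is at least 256 bytes. Returns bytes written, or 0 if it does not fit. */
size_t build_san(uint8_t *out, size_t cap, unsigned entries) {
    const char *name = "host.example";  /* constructed sample hostname (assumption) */
    size_t nl = strlen(name), body = entries * (2 + nl);
    if (body > 0xffff || cap < body + 4) return 0;
    size_t p = 0;
    out[p++] = 0x30; out[p++] = 0x82;
    out[p++] = (uint8_t)(body >> 8); out[p++] = (uint8_t)(body & 0xff);
    for (unsigned i = 0; i < entries; i++) {
        out[p++] = 0x82; out[p++] = (uint8_t)nl;
        memcpy(out + p, name, nl); p += nl;
    }
    return p;
}
```

Running the same generated inputs (98, 99 and 107 entries, plus truncated copies) through your own parser under a memory-error detector such as AddressSanitizer shows whether it depends on a fixed entry limit.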
