On 11/08/2017 00:29, Jonathan Rudenberg wrote:


On Aug 10, 2017, at 17:04, Jakob Bohm via dev-security-policy 
<dev-security-policy@lists.mozilla.org> wrote:

Can anyone point out a real world X.509 framework that gets confused by
a redundant pathlen:0 in a CA:FALSE certificate?  (Merely to assess the
seriousness of the issue, given that the certificate was already
revoked).

Yes, the cryptography Python package: 
https://github.com/pyca/cryptography/issues/3856


Reading that issue, the text in comment #0 is unclear.  Does the python
code reject such certificates, or somehow skip extensions and declaring
possibly invalid uses to be valid?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to