It turns out that X.509 is sufficiently complex that you can fuzz certificates by stitching together seeds into a "frankencert" and use them to find holes in TLS implementations. They find 208 differences in between implementations, including some nasty ones in MatrixSSL and GnuTLS.
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf https://github.com/sumanj/frankencert Will.
_______________________________________________ langsec-discuss mailing list [email protected] https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
