This vulnerability only comes into play during active TLS sessions. Certificate chain validation is not affected. S/MIME is not affected.
Quoting Dr Henson (a later message, Message-ID <20090107184137.ga99...@openssl.org>): > Certificate chain validation is not affected nor other forms of DSA/ECDSA > signature verification such as S/MIME. -Kyle H On Thu, Jan 8, 2009 at 2:35 AM, Harakiri <harakiri...@yahoo.com> wrote: > > --- On Wed, 1/7/09, Dr. Stephen Henson <st...@openssl.org> wrote: > >> Incorrect checks for malformed signatures >> - ------------------------------------------- > > > It is not perfectly clear to me if regular certificate validiations and smime > signature validiation is also affected by this. Could you please elaborate if > this vul could be used while verifying certificate (chains) and/or smime > signatures? > > Thanks > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
