On Sat, Jul 7, 2012 at 2:27 PM,  <pro...@secure-mail.biz> wrote:
> Hello,
> is it possible to sign a foreign SSL public key without having CSR/private 
> key?
> Background:
> Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd 
> like to pin a SSL certificate from a website I have no control over. 
> (Therefore I no access the the private key and can subsequently also not 
> create a CSR.) Pin the SSL cert by using a local self signed CA.
Sorry to dig up an old topic.

>From "Hacker Bypasses Apple's iOS In-App Purchases,"

    "Essentially, this circumvention technique relies
    on installing certificates for a fake in-app purchase
    server as well as a custom DNS server," writes
    ZDNet's Emil Protalinski. "The latter's IP address
    is then mapped to the former, which in turn allows
    all 'purchases' to go through.

PKI and DNS are complicit here, also. I'm not sure if Apple exposes
any pinning functionality in their StoreKit API.

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to