On 28.08.2023 18:12, Jacob Champion wrote:
> On Thu, Aug 24, 2023 at 6:25 PM Michael Paquier <mich...@paquier.xyz> wrote:
>> LD_PRELOAD is the only thing I can think about, but that's very fancy.
>> Even with that, having a certificate with a NULL peer_cn could prove
>> to be useful in the SSL suite to stress more patterns around it?
>
> +1. Last we tried it, OpenSSL didn't want to create a certificate with
> an embedded null, but maybe things have changed?


To embed a null byte into the Subject, I first generated a regular certificate request in the DER (binary) format, then manually inserted null into the file and recomputed the checksum. Like this:
https://security.stackexchange.com/a/58845

I'll try to add a client certificate lacking a CN to the SSL test suite.

--
Sergey Shinderuk                https://postgrespro.com/
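
A receiving-side check for the two cases discussed in this message, a Subject whose CN contains an embedded null byte and a Subject with no CN at all, as an added example that is not part of the original email or of PostgreSQL's code. The DER byte arrays are constructed for illustration, `check_subject_cn` and `hdr` are hypothetical names, and only short-form DER lengths (under 128 bytes) are handled.

```c
#include <string.h>

enum cn_status { CN_OK, CN_MISSING, CN_EMBEDDED_NUL, CN_MALFORMED };

/* Constructed DER Names for illustration, not from any real certificate. */
static const unsigned char name_nul[] = {   /* CN = "a\0b" */
    0x30,0x0e,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x0c,0x03,'a',0x00,'b'};
static const unsigned char name_ok[] = {    /* CN = "abc" */
    0x30,0x0e,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03,0x0c,0x03,'a','b','c'};
static const unsigned char name_nocn[] = {  /* O = "x", no CN at all */
    0x30,0x0c,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x0a,0x0c,0x01,'x'};

/* Read one TLV header in [*p, end), leave *p at the content (short-form only). */
static int hdr(const unsigned char **p, const unsigned char *end,
               unsigned char *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    *len = *(*p)++;
    return ((*len & 0x80) || (size_t)(end - *p) < *len) ? -1 : 0;
}

/* Walk Name -> RDN SET -> AttributeTypeAndValue and classify the CN. The value
 * length comes from DER, never strlen(); assumes a byte-oriented string type. */
enum cn_status check_subject_cn(const unsigned char *p, size_t n)
{
    static const unsigned char cn_oid[] = {0x55, 0x04, 0x03};  /* 2.5.4.3 */
    const unsigned char *end = p + n, *atv_end, *oid;
    unsigned char tag; size_t len, olen;
    enum cn_status st = CN_MISSING;
    if (hdr(&p, end, &tag, &len) || tag != 0x30) return CN_MALFORMED;
    end = p + len;
    while (p < end) {
        if (hdr(&p, end, &tag, &len)) return CN_MALFORMED;
        if (tag == 0x31) continue;              /* RDN SET: descend into it */
        if (tag != 0x30) return CN_MALFORMED;
        atv_end = p + len;
        if (hdr(&p, atv_end, &tag, &olen) || tag != 0x06) return CN_MALFORMED;
        oid = p; p += olen;
        if (hdr(&p, atv_end, &tag, &len)) return CN_MALFORMED;
        if (olen == sizeof cn_oid && memcmp(oid, cn_oid, olen) == 0) {
            if (memchr(p, 0, len)) return CN_EMBEDDED_NUL;
            st = CN_OK;
        }
        p = atv_end;
    }
    return st;
}

int main(void) { return check_subject_cn(name_nul, sizeof name_nul) != CN_EMBEDDED_NUL; }
```

A caller would treat both `CN_MISSING` and `CN_EMBEDDED_NUL` as reasons to refuse CN-based identity matching rather than passing the bytes to a C string comparison.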