Thank you. That clarifies things.
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, December 03, 2013 3:51 PM
To: Andrew Felsher (afelsher)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3188] Bug Report Null bytes in SubjectAltName mishandled
On Tue Dec 03 21:35:13 2013, afels...@cisco.com wrote:
> However, I'm uncertain as to how appropriate is this use
> of GENERAL_NAME_print(). Is the intent of this function to be used
> for purposes like this, or is it intended more for human-readable
> output, or something else entirely?
>
The out
Python's SSL module (built on OpenSSL) would improperly handle null bytes in
the SubjectAltName field domain name, deferring the validation code to other
fields. This has been patched on their end, but may be indicative of a bug in
OpenSSL. The unpatched code used OpenSSL's GENERAL_NAME_print()