Thank you Steve,
This is very useful information.
>>I'm getting private queries about this (why is there is such reluctance
to discuss the delights of FIPS 140-2 in public?).
I've noticed technical questions related to private FIPS certifications
never get answered, at least not on this distribu
Hello,
One further question. Can you please confirm that the alternative
certificate chain feature is enabled by default? It seems to be implied in
all emails regarding this matter, and I'm assuming the Advisory email would
have mentioned it otherwise.
I've searched the OpenSSL code and seen that
Thank you very much. It really helps.
On Fri, Jul 10, 2015 at 2:32 PM, Matt Caswell wrote:
>
>
> On 10/07/15 13:09, R C Delgado wrote:
> > Hello,
> >
> > With regards to CVE-2015-1793, I've seen the example in
> verify_extra_test.c.
> > How deep does t
Hello,
With regards to CVE-2015-1793, I've seen the example in verify_extra_test.c.
How deep does the certificate chain have to be?
If I have 2 self-signed CA certificates, and a non-CA certificate is
received for verification, will this hit the problem?
Also, is it a condition of the bug that bo
