On 03/27/2014 02:34 PM, Florian Weimer wrote:
> IIRC, I sent you a reproducer when reporting CVE-2009-3876 that does this. I haven't got it anymore, but I believe I used a trust manager

Sorry, this has to be an X509KeyManager with a suitable getCertificateChain() method.

> that returned a subclass of X509CertImpl with an overridden getEncoded() method that simply returned crafted DER. No further changes or bootclasspath hacks were required.

-- Florian Weimer / Red Hat Product Security Team
