
[Lynx-dev] Regarding: Null Prefix Attacks Against SSL Certificates


From: Thorsten Glaser
Subject: [Lynx-dev] Regarding: Null Prefix Attacks Against SSL Certificates
Date: Wed, 5 Aug 2009 10:11:26 +0000 (UTC)

Hi,

please update your report to state that Lynx does not need to be patched
since it already handles this gracefully:

┌──┤ interactive warning in the status line
│SSL error:host(spamfilter2.tarent.de)!=cert(CN<*\x00.secureconnection.cc>)-Continue? (y)
└

┌──┤ message log excerpt
│8. Secure 256-bit TLSv1/SSLv3 (DHE-RSA-AES256-SHA) HTTP connection
│7. Certificate issued by: /C=ES/ST=Barcelona/L=Barcelona/O=IPS Certification Authority s.l./address@hidden C.I.F. B-B62210695/OU=ipsCA CLASEA1 Certification Authority/CN=ipsCA CLASEA1 Certification Authority/address@hidden
│6. UNVERIFIED connection to spamfilter2.tarent.de (cert=CN<*\x00.secureconnection.cc>)
└─

The ‘\x00’ is just not converted into a NUL byte. ‘*’ matching fails
since the host connected to doesn’t match either (a ‘\’ is invalid
in a hostname).

Sometimes, KISS pays off ☺

Tested on: MirOS httpd (MirOS #10semel), Lynx 2.8.7dev.8-MirOS
built with OpenSSL (someone on GNU/Linux should test this with
their GnuTLS crapware). I expect Lynx 2.8.7rel.1 (the current
release) to behave the same (in fact, updating Lynx in base is
next thing on my TODO).

bye,
//mirabilos
-- 
  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
                                         -- Henry Nelson, March 1999
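
The behaviour described in the message above, as an added example that is not part of the original post and is not Lynx or OpenSSL code: the same certificate CN checked by a NUL-truncating comparison, by a comparison against the `\xNN`-escaped rendering, and by a strict length-aware check. All function names and the simplified wildcard matcher are assumptions made for illustration; the CN bytes are constructed from the log excerpt.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample: the CN from the log above, with a real NUL byte. */
static const unsigned char SAMPLE_CN[] = "*\0.secureconnection.cc";
static const size_t SAMPLE_CN_LEN = sizeof SAMPLE_CN - 1;

/* Render CN bytes as text; non-printable bytes become \xNN and stay visible. */
static void escape_cn(const unsigned char *cn, size_t len, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; i < len && o + 5 <= outsz; i++) {
        if (cn[i] >= 0x20 && cn[i] < 0x7f)
            out[o++] = (char)cn[i];
        else
            o += (size_t)snprintf(out + o, outsz - o, "\\x%02X", (unsigned)cn[i]);
    }
    out[o] = '\0';
}

/* Simplified matcher (assumption): leading '*' matches any prefix; lower-case input. */
static int wildcard_match(const char *pat, const char *host) {
    size_t pl = strlen(pat), hl = strlen(host);
    if (pat[0] == '*')
        return hl >= pl - 1 && strcmp(host + hl - (pl - 1), pat + 1) == 0;
    return strcmp(pat, host) == 0;
}

/* Naive: C string functions stop at the NUL, so the CN is seen as just "*". */
static int check_naive(const unsigned char *cn, const char *host) {
    return wildcard_match((const char *)cn, host);
}

/* Escaped: match against the \xNN rendering, the behaviour the message describes. */
static int check_escaped(const unsigned char *cn, size_t len, const char *host) {
    char buf[1024];
    escape_cn(cn, len, buf, sizeof buf);
    return wildcard_match(buf, host);
}

/* Strict: reject outright when the CN bytes contain a NUL, then match. */
static int check_strict(const unsigned char *cn, size_t len, const char *host) {
    return memchr(cn, 0, len) == NULL && check_escaped(cn, len, host);
}

int main(void) {
    const char *host = "spamfilter2.tarent.de";   /* host from the log above */
    printf("naive=%d escaped=%d strict=%d\n", check_naive(SAMPLE_CN, host),
           check_escaped(SAMPLE_CN, SAMPLE_CN_LEN, host),
           check_strict(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```

Only the naive path accepts the certificate for the unrelated host; the escaped and strict paths both reject it.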



