Certificate verification discrepancy between OpenSSL and mbed TLS #3629
Comments
Hi! Just as a question, do you know how this certificate was generated?
Generated by a fuzzer. I probably used the OpenSSL OSS-Fuzz X509 corpus as a seed corpus, and it was mutated from that.
Interesting, thank you.
@paul-elliott-arm Can you contact me at guido@guidovranken.com? Thanks.
@paul-elliott-arm @guidovranken Can this issue be closed now as it appears to have been fixed in ca17ebf?
Yes, this only closed the internal issue. Closing this now.
Description
A verification discrepancy found with differential fuzzing. OpenSSL fails to verify discrepancy_cert against the GlobalSign CA cert whereas mbed TLS succeeds. This might be worth looking into as it could indicate a (security) bug.
Bug
OS
linux
mbed TLS build:
Latest git checkout, default configuration.
Peer device TLS stack and version
Not applicable
Expected behavior
Verification fails
Actual behavior
Verification succeeds
Steps to reproduce
Compile and run: