Workaround for the vulnerability identified by TWSL2011-007 or CVE-2008-0228 - iOS x509 Certificate Chain Validation Vulnerability
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


= testcert 

Reference implementation for TWSL2011-007 vulnerability workaround (aka 

Author: Eric Monti
Date:   July 28, 2011

= Compiling

Compile with your Apple iOS SDK CFLAGS along with:
   gcc -o testcert testcert.m -framework Foundation -framework Security

The compile arguments above should work as-is for OS X if you just want
to check it out.

= Usage:

    $ testcert path/to/file.der severname

The file should be in raw DER format, which is just base64-decoded
data found beween the BEGIN and END CERTIFICATE lines in an encoded


= License:

Copyright (C) 2011 Eric Monti - Trustwave Holdings

This program is free software: you can redistribute it and/or modify it 
under the terms of the GNU General Public License as published by the 
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but 
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License along
with this program. If not, see <>.