Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Workaround for the vulnerability identified by TWSL2011-007 or CVE-2008-0228 - iOS x509 Certificate Chain Validation Vulnerability
Branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.


= testcert 

Reference implementation for TWSL2011-007 vulnerability workaround (aka 

Author: Eric Monti
Date:   July 28, 2011

= Compiling

Compile with your Apple iOS SDK CFLAGS along with:
   gcc -o testcert testcert.m -framework Foundation -framework Security

The compile arguments above should work as-is for OS X if you just want
to check it out.

= Usage:

    $ testcert path/to/file.der severname

The file should be in raw DER format, which is just base64-decoded
data found beween the BEGIN and END CERTIFICATE lines in an encoded


= License:

Copyright (C) 2011 Eric Monti - Trustwave Holdings

This program is free software: you can redistribute it and/or modify it 
under the terms of the GNU General Public License as published by the 
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.

This program is distributed in the hope that it will be useful, but 
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License along
with this program. If not, see <>.

Something went wrong with that request. Please try again.