-
Notifications
You must be signed in to change notification settings - Fork 3
SpiderLabs/TWSL2011-007_iOS_code_workaround
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
= testcert
Reference implementation for TWSL2011-007 vulnerability workaround (aka
CVE-2011-0228).
Author: Eric Monti
Date: July 28, 2011
= Compiling
Compile with your Apple iOS SDK CFLAGS along with:
gcc -o testcert testcert.m -framework Foundation -framework Security
The compile arguments above should work as-is for OS X if you just want
to check it out.
= Usage:
$ testcert path/to/file.der severname
The file should be in raw DER format, which is just base64-decoded
data found beween the BEGIN and END CERTIFICATE lines in an encoded
certificate:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
= License:
Copyright (C) 2011 Eric Monti - Trustwave Holdings
This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.
About
Workaround for the vulnerability identified by TWSL2011-007 or CVE-2008-0228 - iOS x509 Certificate Chain Validation Vulnerability
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published