-
Notifications
You must be signed in to change notification settings - Fork 3
SpiderLabs/TWSL2011-007_iOS_code_workaround
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
= testcert Reference implementation for TWSL2011-007 vulnerability workaround (aka CVE-2011-0228). Author: Eric Monti Date: July 28, 2011 = Compiling Compile with your Apple iOS SDK CFLAGS along with: gcc -o testcert testcert.m -framework Foundation -framework Security The compile arguments above should work as-is for OS X if you just want to check it out. = Usage: $ testcert path/to/file.der severname The file should be in raw DER format, which is just base64-decoded data found beween the BEGIN and END CERTIFICATE lines in an encoded certificate: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- = License: Copyright (C) 2011 Eric Monti - Trustwave Holdings This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
About
Workaround for the vulnerability identified by TWSL2011-007 or CVE-2008-0228 - iOS x509 Certificate Chain Validation Vulnerability
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published