[langsec-discuss] Breaking X.509 cert validation with frankencerts

Will Sargent will.sargent at gmail.com
Sun Apr 6 18:14:54 UTC 2014


It turns out that X.509 is sufficiently complex that you can fuzz
certificates by stitching together seeds into a "frankencert" and use them
to find holes in TLS implementations.  They find 208 differences in between
implementations, including some nasty ones in MatrixSSL and GnuTLS.

https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf

https://github.com/sumanj/frankencert

Will.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20140406/e7629e32/attachment.html>


More information about the langsec-discuss mailing list