GnuTLS -- improper SSL certificate verification

ID 856A6F84-8B30-11DE-8062-00E0815B8DA8
Type freebsd
Reporter FreeBSD
Modified 2009-08-11T00:00:00


GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) causing incorrect positive matches when matching a hostname against a certificate.
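The incorrect positive match described above comes from handling a length-delimited certificate name as a C string. The following is an added example, not GnuTLS code, that contrasts that pattern with a length-aware check. The `cert_name` struct, both function names and the sample names are hypothetical and constructed for illustration; wildcard matching is left out.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as decoded from ASN.1: bytes plus an explicit length. */
struct cert_name {
    const char *data;
    size_t len;
};

/* Flawed pattern: treats the field as a C string, so the comparison stops
   at the first NUL byte and never looks at the rest of the field. */
int match_cstring(const struct cert_name *name, const char *hostname)
{
    return strcasecmp(name->data, hostname) == 0;
}

/* Length-aware check: a name with an embedded NUL is rejected outright,
   then the comparison covers the full decoded length (exact match only). */
int match_length_aware(const struct cert_name *name, const char *hostname)
{
    size_t hlen = strlen(hostname);

    if (memchr(name->data, '\0', name->len) != NULL)
        return 0;               /* embedded NUL: not a valid DNS name */
    if (name->len != hlen)
        return 0;
    return strncasecmp(name->data, hostname, hlen) == 0;
}

/* Constructed sample values, not taken from any real certificate. */
static const char embedded_nul[] = "www.example.com\0.example.invalid";
const struct cert_name NAME_WITH_NUL = { embedded_nul, sizeof(embedded_nul) - 1 };
const struct cert_name NAME_CLEAN = { "www.example.com", 15 };

int main(void)
{
    const char *host = "www.example.com";

    printf("field length %zu, strlen sees %zu\n",
           NAME_WITH_NUL.len, strlen(NAME_WITH_NUL.data));
    printf("C-string match:     %d\n", match_cstring(&NAME_WITH_NUL, host));
    printf("length-aware match: %d\n", match_length_aware(&NAME_WITH_NUL, host));
    printf("clean name match:   %d\n", match_length_aware(&NAME_CLEAN, host));
    return 0;
}
```

The same length mismatch explains the first symptom in the report: printing the field with a string routine stops at the NUL, so the displayed value is shorter than the encoded one.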