CA certificate check bypass with X509_V_FLAG_X509_STRICT

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

PT-2021-2477 · Openssl +6 · Openssl +6

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1h through 1.1.1j Description: The issue is related to an error in the implementation of a check for certificates in a chain that have explicitly encoded elliptic curve parameters when the X509 V FLAG X509 STRICT flag is...