h.b.furuseth@usit.uio.no wrote:
I wrote:
Finally, libldap/tls.c does not check if ber_decode_oid() fails.
Fixed that. Waiting for the other stuff, depends on the code's intent.
Go ahead and fix whatever problems you see. Assume that maliciously constructed cert DNs are present, because undoubtedly there will be.