Full_Name: Howard Chu Version: any OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (76.91.220.157) Submitted by: hyc

Our chkhost implementation for OpenSSL does a simple strcasecmp on the name obtained from the certificate CN; if the CN has an embedded NUL it is possible for this check to be spoofed. This is now fixed in HEAD.

Our chkhost implementation for GnuTLS is not vulnerable.

We didn't write a chkhost implementation for MozNSS, we just use the default one they provide. Inspecting their code shows that their default checker is also vulnerable. I will be writing a replacement for libldap shortly.