
Yes.

  wget -q -O - http://swupdate.openvpn.org/community/releases/openvpn-2.2.2... | tar -xzO | grep d2i

  if ((eku = (EXTENDED_KEY_USAGE *)X509_get_ext_d2i (x509, NID_ext_key_usage, NULL, NULL)) == NULL) {
  if ((ku = (ASN1_BIT_STRING *)X509_get_ext_d2i (x509, NID_key_usage, NULL, NULL)) == NULL) {
  p12 = d2i_PKCS12_bio(b64, NULL);
  p12 = d2i_PKCS12_fp(fp, NULL);
  cert = d2i_X509(NULL, (const unsigned char **) &cd->cert_context->pbCertEncoded,



Strictly speaking, yes it is likely to have some implication(s).

I think what is more important is whether it is likely to allow a server to be remotely exploited. The answer to that is "probably not", and "very likely not" if using OpenVPN's tls-auth option. At least as far as I understand the issue.

Also, http://article.gmane.org/gmane.network.openvpn.devel/6309



