22 May 2008, 12:36

Stunnel accepts blocked certificates

An update for the stunnel SSL wrapper has been issued in order to close a hole in its handling of x.509 certificates. Due to an error in a function that uses the Online Certificate Status Protocol (OCSP) to check the validity of certificates, an attacker can log in successfully using an already blocked certificate. The developers recommend users of the OCSP function to upgrade to stunnel version 4.24 as soon as possible.

Also on The H:

Google wants to do away with online certificate checks
SSL meltdown: a cyber war attack?
SSL meltdown forces browser developers to update
Worth Reading: Certificate Request? Ask Later!
Internet Explorer supports free certificates
Many weak web server certificates threaten online shopping

Channels

Services

Stunnel accepts blocked certificates

Also on The H:

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit