BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD 5.9 Errata for OCSP available

This errata fixes several issues in the OCSP code that could result in
the incorrect generation and parsing of OCSP requests. This remediates
a lack of error checking on time parsing in these functions, and
ensures that only
GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960.

Issues reported, and fixes provided by Kazuki Yamaguchi <k@rhe.jp>
and Kinichiro Inoguchi <kinichiro.inoguchi@gmail.com>

Patches for OpenBSD 5.9 are available at:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/012_crypto.patch.sig

and have been committed to -current.

Portable LibreSSL releases will appear shortly.