Security Advisory: Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2

[EN] securityvulns.ru
no-pyccku

Related information
  Firefox / Konqueror / Safari certificate spoofing
  ertificate spoofing with subjectAltName and domain name wildcards
  [Full-disclosure] Certificate spoofing issue with Mozilla, Konqueror, Safari 2

From: Graeme Fowler <G.E.Fowler_(at)_lboro.ac.uk>
Date: 20.11.2007
Subject: Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2

Hi

On Tue, 2007-11-20 at 00:51 +0200, Kapetanakis Giannis wrote:
> ps. I've just discovered this:
> http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-wit
h-mod_gnutls/
>
> rfc3546 defines Server Name Indication (SNI) extention
> which is used by mod_gnutls for tls name based virtual hosting.
> Looks interesting :)

Also in OpenSSL. Use a recent snapshot and enable "--enable-tlsext" at
configure time. It'll be in the next 0.9.8 update, if I read the mailing
lists correctly.

Graeme