Vulnerability Development: Re: x509 cert parsing in web browsers

["Fernando J. Pando" <fpando () nyc rr com>]

I am having the same issue with openssl.

i tried new openssl releases versions a-g but they all seem to fail on
netscape client for mac with
self-signed certs.

netscape 7.0 for mac was reported by my developers to be free of this ssl
mismatch issue.

does any one know of any server directives to fix this nescape issue?

-fjp





Administrator Serwera TEK-ART wrote:

> -----Original Message-----
> From: Administrator Serwera TEK-ART [mailto:admin () tek-art com pl]
> Sent: Monday, September 09, 2002 12:31 AM
> To: Michal Zalewski
> Subject: RE: x509 cert parsing in web browsers
>
> Well, it seems that I had the same problem.
>
> Bad certificate error was produced by OpenSSL, and connection failed by
> Netscape/Mozilla browser, while MSIE opened the secure pages correctly.
>
> I have noticed, that some commercial servers based on commercial (e.g.
> VeriSign) certificated are opened correctly by the browser. So it means,
> that OpenSSL produces certificates ONLY MSIE compatible. Well, as far as I
> think so :)
>
> If you know, how I can produce an all-browser-compatible certificate using
> my own CA and OpenSSL, I would be grateful for such an information.
>
> SeeYa