OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports:
Applications that use a non-default option when verifying certificates may be
vulnerable to an attack from a malicious CA to circumvent certain checks.
The function X509_VERIFY_PARAM_add0_policy() is documented to
implicitly enable the certificate policy check when doing certificate
verification. However, the implementation of the function does not
enable the check, which allows certificates with invalid or incorrect
policies to pass the certificate verification.
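
The following triage script is an added example, not part of the OpenSSL advisory or of this page: it flags C sources that call X509_VERIFY_PARAM_add0_policy() without enabling the policy check explicitly anywhere in the same file. It assumes explicit enabling means X509_VERIFY_PARAM_set1_policies() or the X509_V_FLAG_POLICY_CHECK flag (OpenSSL API names that do not appear on this page); audit_source and both sample sources are constructed for illustration.

```python
import re

# Call the advisory describes: documented to enable the policy check, but does not.
ADD0 = re.compile(r"\bX509_VERIFY_PARAM_add0_policy\s*\(")
# Explicit enabling (assumption: OpenSSL API names that are not on this page).
ENABLED = re.compile(r"\bX509_VERIFY_PARAM_set1_policies\s*\(|\bX509_V_FLAG_POLICY_CHECK\b")
# C string/char literals (kept as-is) and comments (blanked out).
TOKENS = re.compile(r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])+\'|/\*.*?\*/|//[^\n]*', re.S)


def _blank_comment(m):
    s = m.group()
    # Keep literals; replace comment text with spaces so line numbers survive.
    return s if s[0] in "\"'" else re.sub(r"[^\n]", " ", s)


def audit_source(text):
    """Return line numbers of add0_policy calls in a C source text that
    never enables the policy check explicitly (file-level heuristic)."""
    code = TOKENS.sub(_blank_comment, text)
    if ENABLED.search(code):
        return []
    return [code.count("\n", 0, m.start()) + 1 for m in ADD0.finditer(code)]


# Constructed sample: relies on the implicit enable the advisory says is missing.
IMPLICIT_SRC = '''
X509_VERIFY_PARAM *vpm = X509_VERIFY_PARAM_new();
ASN1_OBJECT *oid = OBJ_txt2obj("1.2.3.4", 1);  /* constructed policy OID */
X509_VERIFY_PARAM_add0_policy(vpm, oid);
/* X509_V_FLAG_POLICY_CHECK is assumed to be set by the call above */
'''

# Constructed sample: the same code with the check switched on explicitly.
EXPLICIT_SRC = IMPLICIT_SRC + '''
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
'''

if __name__ == "__main__":
    for name, src in (("implicit", IMPLICIT_SRC), ("explicit", EXPLICIT_SRC)):
        lines = audit_source(src)
        print(name, "-> review lines", lines if lines else "none")
```

A reported line is a call site to review by hand, since the flag may be set in another translation unit that this per-file check cannot see.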
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright