Open ydahhrk opened 4 weeks ago
Fort is parsing signed objects using a generic BER parser. (DER is a more strict version of BER.)
There used to be a check, but I deleted it during the 1.6.2 release review, because it was incorrect (and nontrivial to fix).
Though this is clearly RFC-mandated, I'm not aware of any vulnerabilities or meaningful misbehavior this violation might cause. I'll classify it as Medium for now.
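For reference, the rules the issue is about are the ones X.690 clauses 10 and 11 add on top of BER: definite lengths only, minimal length and integer encodings, primitive strings, canonical BOOLEAN, sorted SET / SET OF members. The following is an added example of such a check, written for this page; it is not Fort's code and not something the issue author posted. It assumes a single encoded element in a byte buffer and makes no use of Fort's own parser; the function and error names (`der_check`, `DER_E_*`) are invented for the example, and the sample vectors in the usage note are constructed by hand.

```c
/* Added example (not Fort's code): a strict DER well-formedness check, i.e. the
 * constraints X.690 clauses 10 and 11 add on top of BER. Takes one encoded element
 * in a byte buffer; nothing here depends on Fort's own parser. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Each code names the DER rule the input breaks (or a limit of this checker). */
enum der_err { DER_OK = 0, DER_E_TRUNCATED, DER_E_TRAILING, DER_E_INDEFINITE, DER_E_LENGTH_FORM,
               DER_E_HIGH_TAG, DER_E_CONSTRUCTED, DER_E_BOOLEAN, DER_E_INTEGER, DER_E_BITSTRING,
               DER_E_NULL, DER_E_SET_ORDER, DER_E_DEPTH };

struct tlv { uint32_t tag; int universal, constructed; const uint8_t *val; size_t len, total; };

/* Parse one tag/length header, rejecting the length forms DER forbids. */
static int parse_tlv(const uint8_t *p, size_t n, struct tlv *t)
{
    size_t i = 1, k, len = 0;
    if (n == 0) return DER_E_TRUNCATED;
    t->universal = (p[0] & 0xC0) == 0;
    t->constructed = (p[0] & 0x20) != 0;
    t->tag = p[0] & 0x1F;
    /* High-tag-number form (tag >= 31) is not used by RPKI objects; not supported here. */
    if (t->tag == 0x1F) return DER_E_HIGH_TAG;
    if (i >= n) return DER_E_TRUNCATED;
    if (p[i] == 0x80) return DER_E_INDEFINITE;          /* indefinite length: BER only */
    if (p[i] < 0x80) {
        len = p[i++];                                    /* short form */
    } else {
        k = p[i++] & 0x7F;                               /* long form: k length octets */
        if (k > sizeof(size_t) || k > n - i) return DER_E_TRUNCATED;
        if (p[i] == 0x00) return DER_E_LENGTH_FORM;      /* leading zero octet */
        while (k--) len = (len << 8) | p[i++];
        if (len < 0x80) return DER_E_LENGTH_FORM;        /* short form would have fit */
    }
    if (len > n - i) return DER_E_TRUNCATED;
    t->val = p + i; t->len = len; t->total = i + len;
    return DER_OK;
}

/* X.690 11.6 ordering: compare encodings as octet strings, shorter one padded with 0x00. */
static int enc_cmp(const uint8_t *a, size_t an, const uint8_t *b, size_t bn)
{
    size_t i, m = an < bn ? an : bn;
    int c = memcmp(a, b, m);
    if (c) return c;
    for (i = m; i < an; i++) if (a[i]) return 1;
    for (i = m; i < bn; i++) if (b[i]) return -1;
    return 0;
}

static int check_elem(const uint8_t *p, size_t n, int depth, size_t *used)
{
    struct tlv t; int rc; size_t off = 0, sub = 0, prevlen = 0; const uint8_t *prev = NULL;
    if (depth > 64) return DER_E_DEPTH;
    if ((rc = parse_tlv(p, n, &t)) != DER_OK) return rc;
    *used = t.total;
    if (t.constructed) {
        /* Of the universal types only SEQUENCE, SET, EXTERNAL, EMBEDDED PDV and
         * CHARACTER STRING may be constructed; DER forbids constructed strings (10.2). */
        if (t.universal && t.tag != 16 && t.tag != 17 && t.tag != 8 && t.tag != 11 && t.tag != 29)
            return DER_E_CONSTRUCTED;
        while (off < t.len) {
            if ((rc = check_elem(t.val + off, t.len - off, depth + 1, &sub)) != DER_OK) return rc;
            /* SET OF must be sorted by encoding (11.6). Without a schema we cannot tell SET from
             * SET OF; byte order also matches the SET tag-order rule (10.3) for one-byte tags. */
            if (t.universal && t.tag == 17 && prev && enc_cmp(prev, prevlen, t.val + off, sub) > 0)
                return DER_E_SET_ORDER;
            prev = t.val + off; prevlen = sub; off += sub;
        }
        return DER_OK;
    }
    if (!t.universal) return DER_OK;   /* contents of tagged primitives are opaque here */
    switch (t.tag) {
    case 1: if (t.len != 1 || (t.val[0] != 0x00 && t.val[0] != 0xFF)) return DER_E_BOOLEAN; break;
    case 2: case 10:                   /* INTEGER, ENUMERATED: two's complement, minimal */
        if (t.len == 0 || (t.len > 1 && ((t.val[0] == 0x00 && !(t.val[1] & 0x80)) ||
                                         (t.val[0] == 0xFF &&  (t.val[1] & 0x80)))))
            return DER_E_INTEGER;
        break;
    case 3:                            /* BIT STRING: unused-bit count, zero padding bits */
        if (t.len == 0 || t.val[0] > 7 || (t.len == 1 && t.val[0] != 0) ||
            (t.len > 1 && (t.val[t.len - 1] & ((1u << t.val[0]) - 1)) != 0)) return DER_E_BITSTRING;
        break;
    case 5: if (t.len != 0) return DER_E_NULL; break;
    }
    return DER_OK;
}

/* Returns DER_OK iff buf[0..len) is exactly one DER-encoded element. */
int der_check(const uint8_t *buf, size_t len)
{
    size_t used = 0; int rc = check_elem(buf, len, 0, &used);
    if (rc != DER_OK) return rc;
    return used == len ? DER_OK : DER_E_TRAILING;
}
```

Constructed inputs that exercise it: `30 06 02 01 01 01 01 FF` (SEQUENCE of INTEGER 1, BOOLEAN TRUE) passes; `30 80 ... 00 00` fails with `DER_E_INDEFINITE`; `30 81 03 ...` (long-form length for 3 bytes) fails with `DER_E_LENGTH_FORM`; `24 06 04 01 41 04 01 42` (constructed OCTET STRING) fails with `DER_E_CONSTRUCTED`; `02 02 00 01` fails with `DER_E_INTEGER` while `02 02 00 80` (128) passes; `31 06 02 01 02 02 01 01` fails with `DER_E_SET_ORDER`. Running a check like this before, not instead of, the generic parser is the cheap way to get DER strictness without rewriting the parser itself; the tagged-type contents it treats as opaque would still need the schema to be checked fully.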