0003268: AnsiC stack uses SHA1 for explicit trust check

ID	Project	Category	View Status	Date Submitted	Last Update

0003268	UA	Implementation Bug	public	2016-01-13 10:07	2016-05-04 07:17

Reporter	Bernd Edlinger	Assigned To	~~user319~~
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	resolved	Resolution	fixed

Summary	0003268: AnsiC stack uses SHA1 for explicit trust check
Description	The function OpcUa_P_OpenSSL_CertificateStore_IsExplicitlyTrusted uses only SHA1 to check if a certificate is in the explicit trust list. That is not sufficient, we should binary compare the certificates with X509_cmp for instance. Note: SHA1 is broken.
Tags	No tags attached.

Fix Due Date

Date Modified	Username	Field	Change
2016-01-13 10:07	Bernd Edlinger	New Issue
2016-05-04 07:16	~~user319~~	Assigned To	=> user319
2016-05-04 07:16	~~user319~~	Status	new => acknowledged
2016-05-04 07:17	~~user319~~	Note Added: 0006859
2016-05-04 07:17	~~user319~~	Status	acknowledged => resolved
2016-05-04 07:17	~~user319~~	Resolution	open => fixed

~~user319~~ 2016-05-04 07:17 ~0006859	fixed in 1.03.340 Certificates have to be binary identical to be trusted.