U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
To clarify the Windows crypto fail: The problem isn't in signature validation. The problem is the *root store/cache*. CryptoAPI considers an (attacker-supplied) root CA to be in the trust store if its public key and serial match a cert in the root store, Ignoring curve params.
I disagree with your assessment. Yes it could've been fixed by storing cache correctly, but that's like a compiler dev saying "well what you did is UB". He's right but also wrong, crypto should be designed to be resilient. TLS and Crypto32 should've never allowed custom curves.
The bug is in not treating EC params as part of certificate identity. However, you *are* correct that supporting custom curves at all is a bug, because RFC5480 explicitly forbids that. I assume they support it because ANSI X9.62 does, because banks or something?
Seems like EC params are no longer supported in openSSL1.1 for TLS1.2https://github.com/openssl/openssl/issues/7045 …
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
