
Inquiry on Reproducing CVE-2024-8096: OCSP Stapling Bypass with GnuTLS

From: aquilamacedo--- via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 22 Sep 2024 00:00:30 +0000

Hello everyone,

I recently came across the report on HackerOne regarding CVE-2024-8096
(https://hackerone.com/reports/2669852), which discusses the OCSP stapling
bypass with GnuTLS. I've been attempting to set up a server similar to the
one described in the report in order to reproduce the issue; however, I've
not been successful so far.

Could anyone provide insights on how the server was configured to return
the "unauthorized (6)" error? I would like to replicate this error for
testing purposes.

Cheers,

-- 
Aquila Macedo <aquilamacedo>
Received on 2024-09-22