OCSP Verification Bypass in s2n_x509_validator_validate_cert_stapled_ocsp_response()
If a private key has been inappropriately disclosed, a malicious server may trick an s2n client into accepting a revoked certificate that uses OCSP stapling as the only revocation mechanism, provided the certificate and key are otherwise valid. s2n clients supporting TLS 1.3 and below are affected.
No AWS service was affected by this issue. s2n users should update to the latest version of s2n. AWS SDK users should use the latest versions of the AWS SDKs as a best practice.
All versions of s2n from commit e954e6e through commit 0df8de3 are affected by this issue.
Affected s2n users should fetch s2n commit b74b955.