id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
468	X509_NAME_oneline and strings	Jeffrey Walton		"X509_NAME_oneline does not handle embedded NULLs properly (among other issues). From the OpenSSL docs (https://www.openssl.org/docs/crypto/X509_NAME_print_ex.html): ""The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications.""

The attacks have been used in practice. ""More Tricks For Defeating SSL In Practice"", https://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf."	defect	closed	minor		nginx-core		worksforme	openssl certificate validation		"$ uname -a
Darwin riemann.home.pvt 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64"	"$ objs/nginx -V
nginx version: nginx/1.4.4
TLS SNI support enabled
configure arguments: --with-http_ssl_module"
