Thanks to feedback from Xidian University we’ve improved the strictness of the X.509 checking in the wolfSSL embedded TLS library. Xidian researchers wrote a tool to take the RFC 5280 specification and parse for “MUST” clauses and generate certificates to test these criteria. They found three places wolfSSL was not strictly enforcing the RFC. Although these were non-critical issues its a great example of why open source security software is so effective.
Details for these improvements can be found on GitHub in pull request (PR) #1353 here:
https://github.com/wolfSSL/wolfssl/pull/1353
These changes are included in the 3/2/18 release v3.14.0, which can be downloaded from the wolfSSL Download Page:
For more information please email us at facts@wolfssl.com.