On Sat, Jul 7, 2012 at 2:27 PM, <proper@...> wrote:
> Hello,
>
> is it possible to sign a foreign SSL public key without having CSR/private key?
>
> Background:
> Because the public root CAs failed at least twice (DigiNotar, Comodo), I'd like to pin an SSL certificate from a website I have no control over. (Therefore I have no access to the private key and subsequently also cannot create a CSR.) Pin the SSL cert by using a local self-signed CA.
>
Sorry to dig up an old topic.
From "Hacker Bypasses Apple's iOS In-App Purchases,"
http://www.esecurityplanet.com/mobile-security/hacker-bypasses-apples-ios-in-app-purchases.html:

"Essentially, this circumvention technique relies
on installing certificates for a fake in-app purchase
server as well as a custom DNS server," writes
ZDNet's Emil Protalinski. "The latter's IP address
is then mapped to the former, which in turn allows
all 'purchases' to go through."

PKI and DNS are complicit here, also. I'm not sure if Apple exposes
any pinning functionality in their StoreKit API.
Jeff
______________________________________________________________________
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@...
Automated List Manager          majordomo@...