SubjectAlternativeName
and ExtendedKeyUsage
arguments were parsed using the OpenSSL function X509V3_EXT_nconf
. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads.
Thanks to David Benjamin (Google) for reporting this issue.