/ 
Crypt-Perl-0.30
/ Crypt::Perl::X509::Extension::certificatePolicies
Security Advisories (2)
CVE-2020-17478 (2020-08-10)

ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.

CVE-2020-13895 (2020-06-07)

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

NAME

Crypt::Perl::X509::Extension::certificatePolicies

SYNOPSIS

Crypt::Perl::X509::Extension::certificatePolicies->new(
    [ 'domain-validated' ],
    [ '1.3.6.1.4.1.6449.1.2.2.52',
        [ cps => 'http://cps.url' ],
        [ cps => 'http://cps.url2' ],
    ],
    [ '1.2.3.4.5.6.7.8',
        [ unotice => {

            #NB: “Conforming CAs SHOULD NOT use the noticeRef option.”
            noticeRef => {
                organization => 'FooFoo',
                noticeNumbers => [ 12, 23, 34 ],
            },

            explicitText => 'apple',
        } ],
    ],
);