otaup call external openssl command to verify signatures.
If the openssl process exits with 0,then otaup script will happy to accept it.
So, is it possible to to make a malformed sig file to let openssl exit with 0?
Or use special script file name to bypass openssl?
|