> I would love to know what happened on Nintendo's side.
I suspect it's just a normal, regular software bug.
SSL code is often complicated, and the faulty code probably passed a bunch of tests. As the software update was for a decade-old product, which had been discontinued for 4 years, the people who were best placed to spot the new bug had probably already moved on to other projects.
Why mess with the SSL stuff at all? I can't say for sure, but SSL makes it easy to accidentally create a time bomb by, for example, hardcoding a certificate with an expiry date 10 years away. Or a console might have special requirements. For example, a user can leave a device in a cupboard for 5 years without turning it on, so the software update procedure needs extreme backwards compatibility.
> TLS libraries by default don't have this behavior.
No, but the most popular one gives you just a callback and people end up using that to build their own insecure, weird strategies.
That's how we end up with things like "the certificate is valid if the issuer DN is this hardcoded string" (very common attempt at pinning an issuer), or "the certificate chain is valid if the chain contains this precise value" (this one, likely another failed attempt at pinning), or indeed the Hashicorp Vault vuln the other week which was roughly "the certificate is valid if it has the right AKID and serial number".
Or it’s two separate bugs that were introduced at wildly different times (which the article mentions; the first bug was there pre-5.5.5 but useless on its own).
It’s quite a stretch to say that an engineer designed a multi-year project to surreptitiously break TLS so third party stores could be used without CFW (which is also pretty trivial to do on the WiiU).
I suspect it's just a normal, regular software bug.
SSL code is often complicated, and the faulty code probably passed a bunch of tests. As the software update was for a decade-old product, which had been discontinued for 4 years, the people who were best placed to spot the new bug had probably already moved on to other projects.
Why mess with the SSL stuff at all? I can't say for sure, but SSL makes it easy to accidentally create a time bomb by, for example, hardcoding a certificate with an expiry date 10 years away. Or a console might have special requirements. For example, a user can leave a device in a cupboard for 5 years without turning it on, so the software update procedure needs extreme backwards compatibility.