Revision - f7fe3d2 - Unauthenticated DH client certificate fix. – ENEA Mirror of the Software Heritage archive

Revision f7fe3d235abf201343c20a59f9d9c8957acc62ff authored by Dr. Stephen Henson on 23 October 2014, 19:36:17 UTC, committed by Matt Caswell on 08 January 2015, 14:14:56 UTC

Unauthenticated DH client certificate fix.

Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>

1 parent b2688c9

Files
Changes

Permalinks

INSTALL.OS2

 
 Installation on OS/2
 --------------------

 You need to have the following tools installed:

  * EMX GCC
  * PERL
  * GNU make


 To build the makefile, run

 > os2\os2-emx

 This will configure OpenSSL and create OS2-EMX.mak which you then use to 
 build the OpenSSL libraries & programs by running

 > make -f os2-emx.mak

 If that finishes successfully you will find the libraries and programs in the
 "out" directory.

 Alternatively, you can make a dynamic build that puts the library code into
 crypto.dll and ssl.dll by running

 > make -f os2-emx-dll.mak

 This will build the above mentioned dlls and a matching pair of import
 libraries in the "out_dll" directory along with the set of test programs
 and the openssl application.

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...