Revision f7fe3d235abf201343c20a59f9d9c8957acc62ff authored by Dr. Stephen Henson on 23 October 2014, 19:36:17 UTC, committed by Matt Caswell on 08 January 2015, 14:14:56 UTC
Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell <matt@openssl.org>
1 parent b2688c9
engine_vector.mar
;
; Transfer vector for VAX shareable image
;
.TITLE ENGINE
.IDENT /ENGINE/
;
; Define macro to assist in building transfer vector entries. Each entry
; should take no more than 8 bytes.
;
.MACRO FTRANSFER_ENTRY routine
.ALIGN QUAD
.TRANSFER routine
.MASK routine
JMP routine+2
.ENDM FTRANSFER_ENTRY
;
; Place entries in own program section.
;
.PSECT $$ENGINE,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
ENGINE_xfer:
FTRANSFER_ENTRY bind_engine
FTRANSFER_ENTRY v_check
.BLKB 32768-<.-ENGINE_xfer> ; 64 pages total.
.END
Computing file changes ...
