Unauthenticated DH client certificate fix. (be3fb8d1) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Commit be3fb8d1 authored Oct 23, 2014 by

Dr. Stephen Henson Committed by Matt Caswell Jan 08, 2015

Unauthenticated DH client certificate fix.



Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>

parent fb73f12a

Hide whitespace changes

Inline Side-by-side

Please register or to comment