On Tue, Jul 14, 2015 at 01:23:52PM -0400, Colin Edwards wrote: > Thank you, Kurt. The information I was getting (from some sources) was that > the vulnerability was only present in configurations where the server was > authenticating a client certificate. The fact is, the vulnerability applies > to certificate validation regardless of if it's on the client or server > side.
Right, and validation doesn't even have to be about TLS either. It's about any check of a certificate chain. Kurt _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
