CVS: cvs.openbsd.org: src

Brent Cook Tue, 24 Feb 2015 19:50:25 -0800

CVSROOT:        /cvs
Module name:    src
Changes by:     bc...@cvs.openbsd.org   2015/02/24 20:49:21


Modified files:
        lib/libssl/src/ssl: s3_srvr.c 

Log message:
Fix CVE-2015-0205: Do not accept client authentication with Diffie-Hellman
certificates without requiring a CertificateVerify message.

>From OpenSSL commit:
https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3

Thanks to Karthikeyan Bhargavan for reporting this.
ok miod@

CVS: cvs.openbsd.org: src

Reply via email to