CVSROOT: /cvs Module name: src Changes by: [email protected] 2015/02/24 20:49:21
Modified files:
lib/libssl/src/ssl: s3_srvr.c
Log message:
Fix CVE-2015-0205: Do not accept client authentication with Diffie-Hellman
certificates without requiring a CertificateVerify message.
>From OpenSSL commit:
https://github.com/openssl/openssl/commit/1421e0c584ae9120ca1b88098f13d6d2e90b83a3
Thanks to Karthikeyan Bhargavan for reporting this.
ok miod@
