allow acknowledged CVEs
authorAlan T. DeKok <aland@freeradius.org>
Mon, 26 Sep 2016 11:40:04 +0000 (07:40 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 26 Sep 2016 11:40:04 +0000 (07:40 -0400)
src/main/tls.c

index b126f5f..6b6090e 100644 (file)
@@ -2466,6 +2466,11 @@ int tls_global_version_check(char const *acknowledged)
                libssl_defect_t *defect = &libssl_defects[i];
 
                if ((v >= defect->low) && (v <= defect->high)) {
+                       /*
+                        *      If the CVE is acknowledged, allow it.
+                        */
+                       if (strcmp(acknowledged, defect->name) == 0) return 0;
+
                        ERROR("Refusing to start with libssl version %s (in range %s)",
                              ssl_version(), ssl_version_range(defect->low, defect->high));
                        ERROR("Security advisory %s (%s)", defect->id, defect->name);
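Review bot: The added `return 0` leaves tls_global_version_check on the first acknowledged match, so any other entry of `libssl_defects` whose range also covers the running version is never examined, and acknowledging one advisory would silently accept the rest. Assuming this sits in a loop over `libssl_defects[i]` (the loop header and the end of the function are outside the hunk), skipping only the matched entry keeps the remaining checks: `if (strcmp(acknowledged, defect->name) == 0) continue;`. The comment says the CVE is acknowledged, but the comparison uses `defect->name` while the error message prints `defect->id` as the security advisory, so it is worth confirming which field holds the identifier an administrator is expected to configure. If `acknowledged` can be NULL when the option is unset, `strcmp` needs a guard; whether an earlier line already ensures that is not visible here.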