Don't mix up pre- and post-handshake verification of DTLS clients.
author Linus Nordberg <linus@torproject.org>
Fri, 19 Oct 2012 21:23:04 +0000 (23:23 +0200)
committer Linus Nordberg <linus@nordu.net>
Mon, 22 Oct 2012 16:13:45 +0000 (18:13 +0200)
commit 3682c935facf5ccd7fa600644bbb76957155c680
tree 2e59dc6f7e89aac6a8e220d56849890a99b615b6
parent b04eb90fde13f88772c338ca32a55a7063f2e33d

Commit db965c9b addressed TLS clients only.

When verifying DTLS clients, don't consider config blocks with CA
settings ('tls') which differ from the one used for verifying the
certificate chain.

Original issue reported and analysed by Ralf Paffrath. DTLS being
vulnerable reported by Raphael Geisser.

Addresses issue RADSECPROXY-43, CVE-2012-4523.
ChangeLog
dtls.c
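
The rule stated in the commit message, as an added example that is not radsecproxy's code: a simplified C model of the post-handshake lookup that maps a peer certificate to a client config block. All struct, function and host names and the sample configuration are hypothetical and constructed for illustration; the `enforce_same_tls` switch exists only to show the lookup with and without the restriction.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not radsecproxy's data structures. */
struct tls_ctx { const char *ca_file; };   /* one 'tls' block (CA settings) */
struct client_conf {
    const char *name;                      /* client block name */
    const char *cert_cn;                   /* certificate CN this block accepts */
    const struct tls_ctx *tls;             /* CA settings the block refers to */
};

/* Post-handshake step: find the client block matching the peer certificate.
 * verified_with is the tls context whose CAs validated the chain during the
 * handshake. With enforce_same_tls == 0 the lookup models the mixed-up
 * behaviour: any block whose CN matches is accepted, whatever CA it trusts. */
const struct client_conf *match_client(const struct client_conf *confs, size_t n,
                                       const char *peer_cn,
                                       const struct tls_ctx *verified_with,
                                       int enforce_same_tls)
{
    for (size_t i = 0; i < n; i++) {
        if (enforce_same_tls && confs[i].tls != verified_with)
            continue;   /* chain was not validated against this block's CAs */
        if (strcmp(confs[i].cert_cn, peer_cn) == 0)
            return &confs[i];
    }
    return NULL;
}

/* Constructed sample configuration: two client blocks, two CA sets. */
static const struct tls_ctx tls_a = { "ca-a.pem" };
static const struct tls_ctx tls_b = { "ca-b.pem" };
static const struct client_conf sample_confs[] = {
    { "partner",  "radius.partner.example",  &tls_a },
    { "internal", "radius.internal.example", &tls_b },
};

/* A certificate with CN radius.internal.example whose chain was validated
 * with tls_a (CA A) must not be mapped to the "internal" block (CA B). */
const struct client_conf *lookup_sample(int enforce_same_tls)
{
    return match_client(sample_confs, 2, "radius.internal.example",
                        &tls_a, enforce_same_tls);
}
```

With the restriction enabled, a certificate is only ever matched against blocks that share the CA settings used for chain validation, so a certificate issued under one CA cannot select a block that trusts a different one.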