Revision 264800


Author: jorton
Date: Tue Aug 30 15:57:38 2005 UTC (18 years, 10 months ago)
Changed paths: 2
Log Message:
Fix CVE CAN-2005-2700:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).


Changed paths

Path    Details
httpd/httpd/trunk/CHANGES    modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c    modified, text changed
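
The mask pitfall described in the log message, shown as an added example that is not code from this commit or from httpd. It assumes "optional" sets only the peer bit and "require" sets both, defines the bits locally with OpenSSL's values, and uses hypothetical function names.

```c
#include <stdio.h>

/* Verify-mode bits, defined locally with the values OpenSSL uses so the
 * example builds without OpenSSL headers. */
#define VERIFY_NONE                 0x00
#define VERIFY_PEER                 0x01
#define VERIFY_FAIL_IF_NO_PEER_CERT 0x02
/* Composite mask, as defined in the log message. */
#define VERIFY_PEER_STRICT (VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT)

/* Assumed mapping: "optional" sets only the peer bit, "require" sets both. */
#define MODE_OPTIONAL VERIFY_PEER
#define MODE_REQUIRE  VERIFY_PEER_STRICT

/* Hypothetical check that treats the composite mask as one flag. The AND is
 * non-zero as soon as either bit is set, so an "optional" old context
 * already looks strict and optional -> require is missed. */
static int upgrade_by_composite_mask(int verify_old, int verify_new)
{
    return !(verify_old & VERIFY_PEER_STRICT)
           && (verify_new & VERIFY_PEER_STRICT) != 0;
}

/* Hypothetical check that looks at each bit: renegotiate when the new mode
 * sets any verification bit the old mode lacked. */
static int upgrade_by_new_bits(int verify_old, int verify_new)
{
    return (verify_new & ~verify_old & VERIFY_PEER_STRICT) != 0;
}

int main(void)
{
    static const struct { const char *name; int mode; } m[] = {
        { "none", VERIFY_NONE }, { "optional", MODE_OPTIONAL },
        { "require", MODE_REQUIRE },
    };
    puts("old      -> new       composite  per-bit");
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 3; j++)
            printf("%-8s -> %-8s  %-9d  %d\n", m[i].name, m[j].name,
                   upgrade_by_composite_mask(m[i].mode, m[j].mode),
                   upgrade_by_new_bits(m[i].mode, m[j].mode));
    return 0;
}
```

The two checks disagree only on the optional -> require row, which is the transition the log message names.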
