wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Warn about JPAKE brokenness.

Browse source
This commit is contained in:
Ben Laurie 2008-12-02 13:36:47 +00:00
parent 505ed2b076
commit 6fa4cd7136
1 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
apps/apps.c
View file

@ -2521,7 +2521,14 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
jpake_send_step3a(bconn, ctx);
jpake_receive_step3b(ctx, bconn);
BIO_puts(out, "JPAKE authentication succeeded\n");
/*
* The problem is that you must use the derived key in the
* session key or you are subject to man-in-the-middle
* attacks.
*/
BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
" be MitMed. See the version in HEAD for how to do it"
" properly)\n");
BIO_pop(bconn);
BIO_free(bconn);
@ -2546,7 +2553,14 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
jpake_receive_step3a(ctx, bconn);
jpake_send_step3b(bconn, ctx);
BIO_puts(out, "JPAKE authentication succeeded\n");
/*
* The problem is that you must use the derived key in the
* session key or you are subject to man-in-the-middle
* attacks.
*/
BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
" be MitMed. See the version in HEAD for how to do it"
" properly)\n");
BIO_pop(bconn);
BIO_free(bconn);