wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Unauthenticated DH client certificate fix.

Browse source 
Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-10-23 20:36:17 +01:00 committed by Matt Caswell
parent b2688c9161
commit f7fe3d235a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ssl/s3_srvr.c
View file

@ -2765,7 +2765,7 @@ int ssl3_get_cert_verify(SSL *s)
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{ {
s->s3->tmp.reuse_message=1; s->s3->tmp.reuse_message=1;
if ((peer != NULL) && (type & EVP_PKT_SIGN)) if (peer != NULL)
{ {
al=SSL_AD_UNEXPECTED_MESSAGE; al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);