]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 19a0d05) | patch
Fix CVE CAN-2005-2700:
authorJoe Orton <jorton@apache.org>
Tue, 30 Aug 2005 15:57:38 +0000 (15:57 +0000)
committerJoe Orton <jorton@apache.org>
Tue, 30 Aug 2005 15:57:38 +0000 (15:57 +0000)
commita1e9d51be373b9c9e537d129a48e140232643a9e
tree35e72c8fde1a379bbf2af162ce8f70c3bb27d5f2tree | snapshot
parent19a0d050b0c3ada98885cf83f9b8754a106e7bebcommit | diff
Fix CVE CAN-2005-2700:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".

The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | history
modules/ssl/ssl_engine_kernel.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.