diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2013-01-24 13:30:42 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2013-02-05 16:50:31 +0000 |
| commit | 66e8211c0b1347970096e04b18aa52567c325200 (patch) | |
| tree | b466e3e26ccd1601ab5f45f79ba8d7256086eba8 /CHANGES | |
| parent | dd2dee60f343a28cd93e065c7dae7619885515ff (diff) | |
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -4,6 +4,10 @@ Changes between 0.9.8x and 0.9.8y [xx XXX xxxx] + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. |