diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-01-24 13:30:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-04-01 16:37:51 +0100 |
commit | b48310627d1fdc58f64ccf208ac82c732e654dca (patch) | |
tree | 918e679e429cdad1bdd908291ac8fd16310f3bff /CHANGES | |
parent | 5a49001bde4e0cf8e34da55a9cfe9b5255275e10 (diff) |
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -2038,6 +2038,10 @@ This fixes a DoS attack. (CVE-2013-0166) [Steve Henson] + *) Return an error when checking OCSP signatures when key is NULL. + This fixes a DoS attack. (CVE-2013-0166) + [Steve Henson] + *) Call OCSP Stapling callback after ciphersuite has been chosen, so the right response is stapled. Also change SSL_get_certificate() so it returns the certificate actually sent. |