diff options
author | Ben Laurie <ben@openssl.org> | 2008-12-02 13:36:47 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2008-12-02 13:36:47 +0000 |
commit | 6fa4cd71365615b97e9e07a2b55baaeb0ec924e8 (patch) | |
tree | 4048e49342e4ae387f3156b90ed25a1acce20057 /apps | |
parent | 505ed2b0761b29520381d248c42503fd7665d05c (diff) |
Warn about JPAKE brokenness.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/apps.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/apps/apps.c b/apps/apps.c index 5a5d1d3c45..367eb177e1 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2521,7 +2521,14 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret) jpake_send_step3a(bconn, ctx); jpake_receive_step3b(ctx, bconn); - BIO_puts(out, "JPAKE authentication succeeded\n"); + /* + * The problem is that you must use the derived key in the + * session key or you are subject to man-in-the-middle + * attacks. + */ + BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can" + " be MitMed. See the version in HEAD for how to do it" + " properly)\n"); BIO_pop(bconn); BIO_free(bconn); @@ -2546,7 +2553,14 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) jpake_receive_step3a(ctx, bconn); jpake_send_step3b(bconn, ctx); - BIO_puts(out, "JPAKE authentication succeeded\n"); + /* + * The problem is that you must use the derived key in the + * session key or you are subject to man-in-the-middle + * attacks. + */ + BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can" + " be MitMed. See the version in HEAD for how to do it" + " properly)\n"); BIO_pop(bconn); BIO_free(bconn); |