| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 46285
|
| |
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 45946
|
| |
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 44900
|
| |
|
|
|
|
|
|
| |
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 44332
|
| |
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 43875
|
| |
|
|
|
|
|
|
| |
Also refresh patches and bump copyright year in Makefile.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42929
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This version includes this changes:
Don't include gmt_unix_time in TLS server and client random values
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450
Signed-off-by: Peter Wagner <tripolar@gmx.at>
SVN-Revision: 39853
|
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37927
|
