File openssl-CVE-2015-0205.patch of Package compat-openssl098.24732

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2015-0205.patch of Package compat-openssl098.24732

commit a4aa18879917d9bd45f52ac110c69303a852b7db
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Tue Jan 6 14:28:34 2015 +0000

Fix typo.
    
    Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
    message if certificate is absent.
    
    NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
    support DH certificates and this typo prohibits skipping of
    certificate verify message for sign only certificates anyway.
    
    Reviewed-by: Matt Caswell <matt@openssl.org>

Index: openssl-0.9.8j/ssl/s3_srvr.c
===================================================================
--- openssl-0.9.8j.orig/ssl/s3_srvr.c	2015-01-09 15:16:41.105398031 +0100
+++ openssl-0.9.8j/ssl/s3_srvr.c	2015-01-09 15:59:26.269916629 +0100
@@ -2359,7 +2359,7 @@ int ssl3_get_cert_verify(SSL *s)
 	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
 		{
 		s->s3->tmp.reuse_message=1;
-		if ((peer != NULL) && (type | EVP_PKT_SIGN))
+		if (peer != NULL)
 			{
 			al=SSL_AD_UNEXPECTED_MESSAGE;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);

Places

File openssl-CVE-2015-0205.patch of Package compat-openssl098.24732

Places