Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
curl.35519
curl-CVE-2024-8096.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-CVE-2024-8096.patch of Package curl.35519
From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Tue, 20 Aug 2024 16:14:39 +0200 Subject: [PATCH] gtls: fix OCSP stapling management Reported-by: Hiroki Kurosawa Closes #14642 --- lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------ 1 file changed, 73 insertions(+), 73 deletions(-) Index: curl-7.66.0/lib/vtls/gtls.c =================================================================== --- curl-7.66.0.orig/lib/vtls/gtls.c +++ curl-7.66.0/lib/vtls/gtls.c @@ -671,6 +671,13 @@ gtls_connect_step1(struct connectdata *c init_flags |= GNUTLS_NO_TICKETS; #endif +#if defined(GNUTLS_NO_STATUS_REQUEST) + if(!config->verifystatus) + /* Disable the "status_request" TLS extension, enabled by default since + GnuTLS 3.8.0. */ + init_flags |= GNUTLS_NO_STATUS_REQUEST; +#endif + rc = gnutls_init(&BACKEND->session, init_flags); if(rc != GNUTLS_E_SUCCESS) { failf(data, "gnutls_init() failed: %d", rc); @@ -1135,8 +1142,6 @@ gtls_connect_step3(struct connectdata *c rc = gnutls_ocsp_status_request_get(session, &status_request); - infof(data, "\t server certificate status verification FAILED\n"); - if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { failf(data, "No OCSP response received"); return CURLE_SSL_INVALIDCERTSTATUS; @@ -1219,11 +1224,11 @@ gtls_connect_step3(struct connectdata *c } gnutls_ocsp_resp_deinit(ocsp_resp); + if(status != GNUTLS_OCSP_CERT_GOOD) + return CURLE_SSL_INVALIDCERTSTATUS; return CURLE_SSL_INVALIDCERTSTATUS; } - else - infof(data, "\t server certificate status verification OK\n"); } else infof(data, "\t server certificate status verification SKIPPED\n");
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor