69ac637fbb
Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com> |
||
|---|---|---|
| .. | ||
| argp-standalone | ||
| cyassl | ||
| elfutils | ||
| gettext | ||
| gettext-full | ||
| gmp | ||
| libbsd | ||
| libconfig | ||
| libevent2 | ||
| libiconv | ||
| libiconv-full | ||
| libjson-c | ||
| libmnl | ||
| libnetfilter-conntrack | ||
| libnetfilter-cthelper | ||
| libnetfilter-cttimeout | ||
| libnetfilter-log | ||
| libnetfilter-queue | ||
| libnfnetlink | ||
| libnftnl | ||
| libnl | ||
| libnl-tiny | ||
| libpcap | ||
| libroxml | ||
| librpc | ||
| libtool | ||
| libubox | ||
| libunwind | ||
| libusb | ||
| libusb-compat | ||
| lzo | ||
| mbedtls | ||
| ncurses | ||
| nettle | ||
| openssl | ||
| popt | ||
| readline | ||
| sysfsutils | ||
| toolchain | ||
| uclibc++ | ||
| uclient | ||
| ustream-ssl | ||
| zlib | ||