I noticed that the version of OpenSSL in this repo is subject to a recent security vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449). The issue can be resolved by updating to the latest version of OpenSSL or applying the following patch to ssl/statem/extensions.c (the line numbers in the patch might not exactly line up depending on what version of OpenSSL you have):
@@ -1137,8 +1137,9 @@
static int init_sig_algs(SSL *s, unsigned int context)
{
/* Clear any signature algorithms extension received */
OPENSSL_free(s->s3->tmp.peer_sigalgs);
s->s3->tmp.peer_sigalgs = NULL;
+ s->s3->tmp.peer_sigalgslen = 0;
return 1;
}
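Review bot: the length reset at `s->s3->tmp.peer_sigalgslen = 0;` is only applied in `init_sig_algs`, so any other place in ssl/statem/extensions.c that frees a buffer and sets its pointer to NULL while leaving the paired length field untouched needs the same one-line fix; it is worth grepping the file for other `OPENSSL_free(...)` / `= NULL` pairs under `s->s3->tmp` before closing this out. Separately, the hunk as pasted shows 7 old and 8 new lines while the header declares `-1137,8 +1137,9`, and the leading indentation is gone, so it will not apply with `patch` or `git apply` as-is; add the line by hand directly after `s->s3->tmp.peer_sigalgs = NULL;`, or take the change from the upstream OpenSSL release instead.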