Skip to content
Permalink
Browse files Browse the repository at this point in the history
Unauthenticated DH client certificate fix.
Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>
  • Loading branch information
snhenson authored and mattcaswell committed Jan 8, 2015
1 parent a7a44ba commit 1421e0c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ssl/s3_srvr.c
Expand Up @@ -3056,7 +3056,7 @@ int ssl3_get_cert_verify(SSL *s)
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{
s->s3->tmp.reuse_message=1;
if ((peer != NULL) && (type & EVP_PKT_SIGN))
if (peer != NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
Expand Down

0 comments on commit 1421e0c

Please sign in to comment.