Skip to content

Commit 1421e0c

Browse files
snhensonmattcaswell
authored andcommitted
Unauthenticated DH client certificate fix.
Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell <matt@openssl.org>
1 parent a7a44ba commit 1421e0c

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: ssl/s3_srvr.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -3056,7 +3056,7 @@ int ssl3_get_cert_verify(SSL *s)
30563056
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
30573057
{
30583058
s->s3->tmp.reuse_message=1;
3059-
if ((peer != NULL) && (type & EVP_PKT_SIGN))
3059+
if (peer != NULL)
30603060
{
30613061
al=SSL_AD_UNEXPECTED_MESSAGE;
30623062
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);

0 commit comments

Comments
 (0)