Skip to content

Commit

Permalink
Unauthenticated DH client certificate fix.
Browse files Browse the repository at this point in the history
Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>
  • Loading branch information
snhenson authored and mattcaswell committed Jan 8, 2015
1 parent 45fe66b commit 98a0f96
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ssl/s3_srvr.c
Original file line number Diff line number Diff line change
Expand Up @@ -3014,7 +3014,7 @@ int ssl3_get_cert_verify(SSL *s)
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{
s->s3->tmp.reuse_message=1;
if ((peer != NULL) && (type & EVP_PKT_SIGN))
if (peer != NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
Expand Down

0 comments on commit 98a0f96

Please sign in to comment.