If the client provides a TLS certificate and the user specifies a - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	bluhm <>	2020-01-07 17:36:04 +0000
committer	bluhm <>	2020-01-07 17:36:04 +0000
commit	b21a4eb78e7b251470d32e7928506abb435895c1 (patch)
tree	342a1c3e2994083f59d67bc7c58aa52b131ec65f /src/lib/libssl/tls13_lib.c
parent	b8844269b96f15a322554b949b65541ae33bd2aa (diff)
download	openbsd-b21a4eb78e7b251470d32e7928506abb435895c1.tar.gz openbsd-b21a4eb78e7b251470d32e7928506abb435895c1.tar.bz2 openbsd-b21a4eb78e7b251470d32e7928506abb435895c1.zip

If the client provides a TLS certificate and the user specifies a

hash value on the nc(1) server command line, the netcat server must use the TLS context of the accepted socket for verification. As the listening socket was used instead, the verification was always successful. If the peer provides a certificate, there must be a hash. Make the hash verification fail safe. OK tb@

Diffstat (limited to 'src/lib/libssl/tls13_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: