Commit 3682c935 authored by Committed by Linus Nordberg
Don't mix up pre- and post-handshake verification of DTLS clients.
Commit db965c9b addressed TLS clients only. When verifying DTLS clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Original issue reported and analysed by Ralf Paffrath. DTLS being vulnerable reported by Raphael Geisser. Addresses issue RADSECPROXY-43, CVE-2012-4523.
Showing with 9 additions and 1 deletion