    Don't mix up pre- and post-handshake verification of DTLS clients. · 3682c935
    Linus Nordberg authored
    Commit db965c9b addressed TLS clients only.
    
    When verifying DTLS clients, don't consider config blocks with CA
    settings ('tls') which differ from the one used for verifying the
    certificate chain.
    
    Original issue reported and analysed by Ralf Paffrath. DTLS being
    vulnerable reported by Raphael Geisser.
    
    Addresses issue RADSECPROXY-43, CVE-2012-4523.
dtls.c 20 KB
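
The rule stated in the commit message, as an added C sketch that is not radsecproxy's code: after the handshake, a client config block is eligible only if its 'tls' settings are the ones the certificate chain was verified against. The structures, the `match_client` function, the `check_tls` switch and the sample configuration are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model; these are not radsecproxy's structures. */
struct tls_conf { const char *cafile; };          /* one 'tls' block */
struct client_conf {
    const char *name;
    const char *source;          /* peer address the block applies to */
    const struct tls_conf *tls;  /* CA settings this block requires */
    const char *required_cn;     /* post-handshake certificate check */
};

/* Constructed sample configuration: two blocks, same source, different CAs. */
static const struct tls_conf tls_a = { "ca-a.pem" }, tls_b = { "ca-b.pem" };
static const struct client_conf blocks[] = {
    { "guest", "192.0.2.10", &tls_a, "guest.example" },
    { "admin", "192.0.2.10", &tls_b, "admin.example" },
};

/* Post-handshake step: find the client block for a peer whose chain was
 * already validated against handshake_tls. With check_tls == 0 the CA
 * settings are ignored (the mix-up); with check_tls != 0, blocks whose
 * 'tls' differs from the one used for the chain are skipped. */
const struct client_conf *match_client(const char *src, const char *peer_cn,
                                       const struct tls_conf *handshake_tls,
                                       int check_tls)
{
    for (size_t i = 0; i < sizeof blocks / sizeof blocks[0]; i++) {
        const struct client_conf *c = &blocks[i];
        if (strcmp(c->source, src) != 0)
            continue;
        if (check_tls && c->tls != handshake_tls)
            continue;            /* verified under a different CA: not eligible */
        if (strcmp(c->required_cn, peer_cn) == 0)
            return c;
    }
    return NULL;
}

int main(void)
{
    /* Chain verified with tls_a, certificate CN is "admin.example". */
    const struct client_conf *c;
    c = match_client("192.0.2.10", "admin.example", &tls_a, 0);
    printf("without tls check: %s\n", c ? c->name : "(rejected)");
    c = match_client("192.0.2.10", "admin.example", &tls_a, 1);
    printf("with tls check:    %s\n", c ? c->name : "(rejected)");
    return 0;
}
```

Without the comparison, a certificate validated under one CA can satisfy a block that is configured to trust a different CA; with it, the same peer is rejected.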