• Linus Nordberg's avatar
    Don't mix up pre- and post-handshake verification of DTLS clients. · 3682c935
    Linus Nordberg authored
    Commit db965c9b addressed TLS clients only.
    
    When verifying DTLS clients, don't consider config blocks with CA
    settings ('tls') which differ from the one used for verifying the
    certificate chain.
    
    Original issue reported and analysed by Ralf Paffrath. DTLS being
    vulnerable reported by Raphael Geisser.
    
    Addresses issue RADSECPROXY-43, CVE-2012-4523.
    3682c935
Name
Last commit
Last update
packaging Loading commit data...
tests Loading commit data...
tools Loading commit data...
.gitignore Loading commit data...
AUTHORS Loading commit data...
COPYING Loading commit data...
ChangeLog Loading commit data...
INSTALL Loading commit data...
LICENSE Loading commit data...
Makefile.am Loading commit data...
NEWS Loading commit data...
README Loading commit data...
THANKS Loading commit data...
acinclude.m4 Loading commit data...
aclocal.m4 Loading commit data...
autogen.sh Loading commit data...
catgconf.c Loading commit data...
compile Loading commit data...
config.guess Loading commit data...
config.sub Loading commit data...
configure.ac Loading commit data...
debug.c Loading commit data...
debug.h Loading commit data...
depcomp Loading commit data...
develdoc.txt Loading commit data...
dtls.c Loading commit data...
dtls.h Loading commit data...
dynsrv.sh Loading commit data...
fticks.c Loading commit data...
fticks.h Loading commit data...
fticks_hashmac.c Loading commit data...
fticks_hashmac.h Loading commit data...
gconfig.c Loading commit data...
gconfig.h Loading commit data...
gconfig.txt Loading commit data...
hash.c Loading commit data...
hash.h Loading commit data...
hostport.c Loading commit data...
hostport.h Loading commit data...
install-sh Loading commit data...
list.c Loading commit data...
list.h Loading commit data...
main.c Loading commit data...
missing Loading commit data...
radmsg.c Loading commit data...
radmsg.h Loading commit data...
radsecproxy-hash.1 Loading commit data...
radsecproxy-hash.c Loading commit data...
radsecproxy.1 Loading commit data...
radsecproxy.c Loading commit data...
radsecproxy.conf-example Loading commit data...
radsecproxy.conf.5.xml Loading commit data...
radsecproxy.h Loading commit data...
tcp.c Loading commit data...
tcp.h Loading commit data...
tls.c Loading commit data...
tls.h Loading commit data...
tlscommon.c Loading commit data...
tlscommon.h Loading commit data...
tlv11.c Loading commit data...
tlv11.h Loading commit data...
udp.c Loading commit data...
udp.h Loading commit data...
util.c Loading commit data...
util.h Loading commit data...