Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch')
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch42
1 files changed, 42 insertions, 0 deletions
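diff --git a/meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch b/meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch
new file mode 100644
index 0000000000..c4326d8c02
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch
@@ -0,0 +1,42 @@
+From 98a0f9660d374f58f79ee0efcc8c1672a805e8e8 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Thu, 23 Oct 2014 20:36:17 +0100
+Subject: [PATCH] Unauthenticated DH client certificate fix.
+
+Fix to prevent use of DH client certificates without sending
+certificate verify message.
+
+If we've used a client certificate to generate the premaster secret
+ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
+never called.
+
+We can only skip the certificate verify message in
+ssl3_get_cert_verify if the client didn't send a certificate.
+
+Thanks to Karthikeyan Bhargavan for reporting this issue.
+CVE-2015-0205
+Reviewed-by: Matt Caswell <matt@openssl.org>
+
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ ssl/s3_srvr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index d883f86..fadca74 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -3014,7 +3014,7 @@ int ssl3_get_cert_verify(SSL *s)
+ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
+ {
+ s->s3->tmp.reuse_message=1;
+- if ((peer != NULL) && (type & EVP_PKT_SIGN))
++ if (peer != NULL)
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
+--
+1.9.1
+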
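Review bot: The `Upstream-Status: Backport` line in the patch header names no source, so an auditor has to infer it from the `From 98a0f966...` mbox line; writing it as `Upstream-Status: Backport [upstream commit 98a0f9660d374f58f79ee0efcc8c1672a805e8e8]` would make the provenance of this CVE-2015-0205 fix directly checkable. This page is limited to the patch file, so the recipe's `SRC_URI` entry that applies it is not visible here and should be confirmed, since a patch that is not listed there is never applied at build time. In the embedded hunk the new `if (peer != NULL)` makes a missing CertificateVerify fatal for every client that presented a certificate, which presumably includes the fixed-DH certificates that the old `type & EVP_PKT_SIGN` test let through. ssl3_get_cert_verify starts and ends outside the hunk, so its remaining paths cannot be checked from here.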