openwrtv4

History

Kevin Darbyshire-Bryant 69ac637fbb mbedtls: update to 2.6.0 CVE-2017-14032 Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>	2017-09-11 01:56:14 +02:00
..
patches	mbedtls: update to 2.6.0 CVE-2017-14032	2017-09-11 01:56:14 +02:00
Makefile	mbedtls: update to 2.6.0 CVE-2017-14032	2017-09-11 01:56:14 +02:00

Kevin Darbyshire-Bryant 69ac637fbb mbedtls: update to 2.6.0 CVE-2017-14032

Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>

2017-09-11 01:56:14 +02:00

patches

mbedtls: update to 2.6.0 CVE-2017-14032

2017-09-11 01:56:14 +02:00

Makefile

mbedtls: update to 2.6.0 CVE-2017-14032

2017-09-11 01:56:14 +02:00