Changeset 01b5d85 in mod_gnutls


Timestamp:
Apr 4, 2015, 5:17:18 PM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
351b51f
Parents:
c4a015b (diff), 9e35c48 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'client-verify-fix' into new-gnutls-api

Merge the fix for CVE-2015-2091 [1] for anyone who might want to use
this branch despite broken OpenPGP support.

[1] https://security-tracker.debian.org/tracker/CVE-2015-2091

Files:
5 added
3 edited

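--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -849,7 +849,10 @@
         }
         rv = mgs_cert_verify(r, ctxt);
-        if (rv != DECLINED &&
-                (rv != HTTP_FORBIDDEN ||
-                dc->client_verify_mode == GNUTLS_CERT_REQUIRE)) {
+        if (rv != DECLINED
+            && (rv != HTTP_FORBIDDEN
+                || dc->client_verify_mode == GNUTLS_CERT_REQUIRE
+                || (dc->client_verify_mode == -1
+                    && ctxt->sc->client_verify_mode == GNUTLS_CERT_REQUIRE)))
+        {
             return rv;
         }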
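Review bot: The bare `-1` on new line 854 carries the whole fix but is not explained; it presumably marks a per-directory client verify mode that was never set, so the server-level setting has to decide whether a failed verification is fatal. Resolving the effective mode once makes that explicit and keeps the test readable: `int mode = (dc->client_verify_mode == -1) ? ctxt->sc->client_verify_mode : dc->client_verify_mode;` followed by `if (rv != DECLINED && (rv != HTTP_FORBIDDEN || mode == GNUTLS_CERT_REQUIRE))`. The enclosing function starts and ends outside this hunk, so any earlier comparison against `dc->client_verify_mode` that is not shown should be checked for the same unset case.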
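--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -18,5 +18,6 @@
 endif
 TESTS += test-16_view-status.bash \
-        test-17_cgi_vars_large_cert.bash
+        test-17_cgi_vars_large_cert.bash \
+        test-18_client_verification_wrong_cert.bash
 
 clean-local: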
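--- a/test/runtests
+++ b/test/runtests
@@ -81,6 +81,6 @@
     trap apache_down_err EXIT
     if [ -n "${USE_MSVA}" ]; then
-        ${flock_cmd} \
-            MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \
+        MONKEYSPHERE_VALIDATION_AGENT_SOCKET="http://127.0.0.1:$MSVA_PORT" \
+            ${flock_cmd} \
             /usr/sbin/apache2 -f "$(pwd)/apache.conf" -k start \
             || [ -e fail.server ]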
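Review bot: Nothing in the script records why the `MONKEYSPHERE_VALIDATION_AGENT_SOCKET` assignment has to come before `${flock_cmd}`, so the order is easy to revert in a later cleanup. A comment above the command would do, for example `# env assignment must precede ${flock_cmd}; placed after it, it is presumably handed to the lock command as an argument instead of reaching apache2's environment`. What `flock_cmd` expands to is defined outside this hunk, so that wording should be checked against its definition. The `if` block also continues past the last line shown.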