Changeset 01b5d85 in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Apr 4, 2015, 5:17:18 PM (5 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
351b51f
Parents:
c4a015b (diff), 9e35c48 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'client-verify-fix' into new-gnutls-api

Merge the fix for CVE-2015-2091 [1] for anyone who might want to use
this branch despite broken OpenPGP support.

[1] https://security-tracker.debian.org/tracker/CVE-2015-2091

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    rc4a015b r01b5d85  
    849849        }
    850850        rv = mgs_cert_verify(r, ctxt);
    851         if (rv != DECLINED &&
    852                 (rv != HTTP_FORBIDDEN ||
    853                 dc->client_verify_mode == GNUTLS_CERT_REQUIRE)) {
     851        if (rv != DECLINED
     852            && (rv != HTTP_FORBIDDEN
     853                || dc->client_verify_mode == GNUTLS_CERT_REQUIRE
     854                || (dc->client_verify_mode == -1
     855                    && ctxt->sc->client_verify_mode == GNUTLS_CERT_REQUIRE)))
     856        {
    854857            return rv;
    855858        }
Note: See TracChangeset for help on using the changeset viewer.