mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-09 06:22:54 +00:00
e232c6754d
Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com> |
||
|---|---|---|
| .. | ||
| base-files | ||
| boot | ||
| devel | ||
| firmware | ||
| kernel | ||
| libs | ||
| network | ||
| system | ||
| utils | ||
| Makefile | ||