CVE-2015-1793 only on cert-based client auth?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Jul 14, 2015 at 01:23:52PM -0400, Colin Edwards wrote:
> Thank you, Kurt.  The information I was getting (from some sources) was that
> the vulnerability was only present in configurations where the server was
> authenticating a client certificate.  The fact is, the vulnerability applies
> to certificate validation regardless of if it's on the client or server
> side.

Right, and validation doesn't even have to be about TLS either.
It's about any check of a certificate chain.


Kurt
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux