Don't mix up pre- and post-handshake verification of clients.

When verifying clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Reported by Ralf Paffrath. Reported and analysed by Ralf Paffrath. Addresses issue RADSECPROXY-43.
author: Linus Nordberg <linus@nordu.net> 2012-09-13 15:19:22 +0200
committer: Linus Nordberg <linus@nordu.net> 2012-09-13 15:19:22 +0200
commit: db965c9bf7cf4acc0830d7b689d69d40b9ecef8c (patch)
tree: 619a9203dc468d110103fed23ced010a0dc1ee28 /ChangeLog
parent: 8d287300f510e0559f01a2e7a4dec90674215f25 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 29195f7..5f044df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2012-09-14 1.6.1-dev
+	Bug fixes (security):
+	- When verifying clients, don't consider config blocks with CA
+	settings ('tls') which differ from the one used for verifying the
+	certificate chain. Reported by Ralf Paffrath. (RADSECPROXY-43)
+
+	Bug fixes:
+	- Make naptr-eduroam.sh check NAPTR type case insensitively.
+	  Fix from Adam Osuchowski.
+
 2012-04-27 1.6
 	Incompatible changes:
 	- The default shared secret for TLS and DTLS connections change
author	Linus Nordberg <linus@nordu.net>	2012-09-13 15:19:22 +0200
committer	Linus Nordberg <linus@nordu.net>	2012-09-13 15:19:22 +0200
commit	db965c9bf7cf4acc0830d7b689d69d40b9ecef8c (patch)
tree	619a9203dc468d110103fed23ced010a0dc1ee28 /ChangeLog
parent	8d287300f510e0559f01a2e7a4dec90674215f25 (diff)