Don't mix up pre- and post-handshake verification of DTLS clients.

Commit db965c9b addressed TLS clients only. When verifying DTLS clients, don't consider config blocks with CA settings ('tls') which differ from the one used for verifying the certificate chain. Original issue reported and analysed by Ralf Paffrath. DTLS being vulnerable reported by Raphael Geisser. Addresses issue RADSECPROXY-43, CVE-2012-4523.
author: Linus Nordberg <linus@torproject.org> 2012-10-19 23:23:04 +0200
committer: Linus Nordberg <linus@nordu.net> 2012-10-22 18:13:45 +0200
commit: 3682c935facf5ccd7fa600644bbb76957155c680 (patch)
tree: 2e59dc6f7e89aac6a8e220d56849890a99b615b6 /ChangeLog
parent: b04eb90fde13f88772c338ca32a55a7063f2e33d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 39b030a..0422ffd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-10-22 1.6.2-dev
+	Bug fixes (security):
+	- Fix the issue with verification of clients when using multiple
+	'tls' config blocks (RADSECPROXY-43) for DTLS too. Reported by
+	Raphael Geisser.
+
 2012-09-14 1.6.1
 	Bug fixes (security):
 	- When verifying clients, don't consider config blocks with CA
author	Linus Nordberg <linus@torproject.org>	2012-10-19 23:23:04 +0200
committer	Linus Nordberg <linus@nordu.net>	2012-10-22 18:13:45 +0200
commit	3682c935facf5ccd7fa600644bbb76957155c680 (patch)
tree	2e59dc6f7e89aac6a8e220d56849890a99b615b6 /ChangeLog
parent	b04eb90fde13f88772c338ca32a55a7063f2e33d (diff)