modssl-users  

[ANNOUNCE] mod_ssl 2.8.24-1.3.33

Ralf S. Engelschall
Fri, 02 Sep 2005 14:06:03 -0700

A subtle security bug (CAN-2005-2700) was discovered in mod_ssl where
"SSLVerifyClient require" was not enforced in per-location context
if "SSLVerifyClient optional" was configured in the global virtual
host configuration. This bug is now fixed in mod_ssl 2.8.24 for Apache
1.3.33. Get it from:

  o http://www.modssl.org/source/
  o  ftp://ftp.modssl.org/source/

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
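
Added example, not part of the announcement and not mod_ssl code: a small audit script that finds the configuration pattern named above, a per-location "SSLVerifyClient require" under a server or virtual host set to "SSLVerifyClient optional". It assumes that "per-location context" covers the Location, Directory and Files container families, reads one configuration text line by line and does not follow Include directives; the sample configuration is constructed.

```python
import re

# Containers that create per-directory ("per-location") context in Apache.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch"}
OPEN = re.compile(r"^<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"^</\s*\w+\s*>$")
VERIFY = re.compile(r"^SSLVerifyClient\s+(\S+)", re.I)

# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    SSLVerifyClient none
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

def find_affected(conf_text):
    """Return (vhost, section, line_no) for every per-location
    'SSLVerifyClient require' whose enclosing server is set to 'optional'."""
    stack, server_mode, requires = [], {}, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append((m.group(1).lower(), m.group(2), line))
        elif (m := VERIFY.match(line)):
            mode = m.group(1).lower()
            vhost = next((a for n, a, _ in stack if n == "virtualhost"), None)
            sections = [hdr for n, _, hdr in stack if n in PER_DIR]
            if not sections:
                server_mode[vhost] = mode      # server or vhost level
            elif mode == "require":
                requires.append((vhost, sections[-1], no))
    # A vhost without its own setting inherits the main server's (key None).
    return [r for r in requires
            if server_mode.get(r[0], server_mode.get(None)) == "optional"]

if __name__ == "__main__":
    for vhost, section, no in find_affected(SAMPLE):
        print(f"line {no}: {section} in vhost {vhost or '(main server)'}")
```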