On Tue, Jul 14, 2015 at 01:23:52PM -0400, Colin Edwards wrote:
> Thank you, Kurt. The information I was getting (from some sources) was that
> the vulnerability was only present in configurations where the server was
> authenticating a client certificate. The fact is, the vulnerability applies
>
[openssl-users] CVE-2015-1793 only on cert-based client auth?
On Mon, Jul 13, 2015 at 01:03:09PM -0400, Colin Edwards wrote:
> I've been reading/hearing different opinions on the recent
> vulnerability for cert chain forging that was patched (CVE-2015-1793).
>
> Some people a
On Mon, Jul 13, 2015 at 01:03:09PM -0400, Colin Edwards wrote:
> I've been reading/hearing different opinions on the recent vulnerability
> for cert chain forging that was patched (CVE-2015-1793).
>
> Some people are saying the vulnerability only exists if a system is using
> certificate-based cli
I've been reading/hearing different opinions on the recent vulnerability
for cert chain forging that was patched (CVE-2015-1793).
Some people are saying the vulnerability only exists if a system is using
certificate-based client authentication (mutual auth, where both server and
client are authent