diff options
author | Stefan Bühler <stbuehler@web.de> | 2013-11-05 15:29:07 +0000 |
---|---|---|
committer | Stefan Bühler <stbuehler@web.de> | 2013-11-05 15:29:07 +0000 |
commit | 1af871fcef97574c71870309d572d6b1026ee605 (patch) | |
tree | 5b6312ab52f646e43583bf8a5d60f523bd2a9319 /autogen.sh | |
parent | 3ce548c8d0759c201ba0bcecbc45661cfd22c792 (diff) | |
download | lighttpd-git-1af871fcef97574c71870309d572d6b1026ee605.tar.gz |
[ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508)
pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
Diffstat (limited to 'autogen.sh')
0 files changed, 0 insertions, 0 deletions