Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 22 Feb 2015 12:32:36 +0000 (UTC)
From: S├ębastien Delafond <>
Subject: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored


mod-gnutls doesn't consider the server's client verify mode, even if the
verify mode was unset in the directory configuration. As a result,
invalid certificates are ignored and clients can connect and receive
data as long as they presented any certificate whatsoever.

  Debian bug:
  Patch and detailed description:

Could you please assign a CVE for this issue ?



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ