Store verify_result with sessions to avoid potential security hole.

For the server side this was already done one year ago :-(
author: Lutz Jänicke <jaenicke@openssl.org> 2000-11-29 18:12:32 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2000-11-29 18:12:32 +0000
commit: 673d7ac12144185f9729dd014ccab4fc4d13a43a (patch)
tree: 918c851e0711938b8fdc17dc361097b593b84f9c /CHANGES
parent: 666d43753884145f56b83651416156442a5a993e (diff)
download: openssl-673d7ac12144185f9729dd014ccab4fc4d13a43a.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index b2cfdf7e51..845bf5fd8c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2000]
 
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
   *) Disable ssl2_peek and ssl3_peek (i.e., both implementations
      of SSL_peek) because they both are completely broken.
      They will be fixed RSN by adding an additional 'peek' parameter
author	Lutz Jänicke <jaenicke@openssl.org>	2000-11-29 18:12:32 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2000-11-29 18:12:32 +0000
commit	673d7ac12144185f9729dd014ccab4fc4d13a43a (patch)
tree	918c851e0711938b8fdc17dc361097b593b84f9c /CHANGES
parent	666d43753884145f56b83651416156442a5a993e (diff)
download	openssl-673d7ac12144185f9729dd014ccab4fc4d13a43a.tar.gz