From 673d7ac12144185f9729dd014ccab4fc4d13a43a Mon Sep 17 00:00:00 2001 From: Lutz Jänicke Date: Wed, 29 Nov 2000 18:12:32 +0000 Subject: Store verify_result with sessions to avoid potential security hole. For the server side this was already done one year ago :-( --- CHANGES | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index b2cfdf7e51..845bf5fd8c 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.6 and 0.9.6a [xx XXX 2000] + *) Store verify_result within SSL_SESSION also for client side to + avoid potential security hole. (Re-used sessions on the client side + always resulted in verify_result==X509_V_OK, not using the original + result of the server certificate verification.) + [Lutz Jaenicke] + *) Disable ssl2_peek and ssl3_peek (i.e., both implementations of SSL_peek) because they both are completely broken. They will be fixed RSN by adding an additional 'peek' parameter -- cgit v1.2.3
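Review bot: The added CHANGES entry ("Store verify_result within SSL_SESSION also for client side") describes the symptom but not who is exposed to it. Consider adding a sentence saying that a client which checks the verification result after the handshake (for example with SSL_get_verify_result) would see X509_V_OK on a re-used session even when the original server certificate verification gave a different result, so readers know which resumption paths to re-test. The words "also for client side" assume the reader knows about the earlier server-side change mentioned in the commit message; a short pointer to that earlier entry would make this one self-contained. Only the CHANGES part of the commit is shown here, so the code that stores the value cannot be checked against this description.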